PT-2022-22929 · Nordic · Nordic Nrf5 Sdk For Mesh
Published
2022-08-15
·
Updated
2022-08-16
·
CVE-2022-35623
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Nordic nRF5 SDK for Mesh version 5.0
Description
A heap overflow issue can be triggered by sending a series of segmented control packets and access packets with the same
SeqAuth.Recommendations
For Nordic nRF5 SDK for Mesh version 5.0, consider implementing packet validation to prevent the heap overflow issue until a patch is available. Restrict access to the vulnerable function that processes segmented control packets and access packets to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nordic Nrf5 Sdk For Mesh