PT-2022-22930 · Nordic · Nordic Nrf5 Sdk For Mesh
Published: 2022-08-15 · Updated: 2022-08-17 · CVE-2022-35624
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Nordic nRF5 SDK for Mesh version 5.0
Description
A heap overflow issue can be triggered by sending a series of segmented packets where SegO is greater than SegN. This allows for potential exploitation.
Recommendations
For Nordic nRF5 SDK for Mesh version 5.0, consider implementing packet validation to ensure SegO is not greater than SegN to prevent the heap overflow. As a temporary workaround, restrict the handling of segmented packets until a patch is available.
Exploit
Fix
Memory Corruption
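The validation recommended above, sketched as an added example (this is not Nordic's code or patch). The header layout follows the Bluetooth Mesh segmented access message format; the function names, the 4-octet header offset and the assumption that the reassembly buffer is sized from SegN are illustrative, not taken from the SDK.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEG_PAYLOAD_MAX 12u /* bytes per segment of a segmented access message */
typedef struct { uint16_t seq_zero; uint8_t seg_o, seg_n; } seg_hdr_t;

/* Header layout after octet 0: SZMIC(1) | SeqZero(13) | SegO(5) | SegN(5). */
bool seg_hdr_parse(const uint8_t *pdu, size_t len, seg_hdr_t *h)
{
    if (pdu == NULL || h == NULL || len < 4 || (pdu[0] & 0x80) == 0)
        return false; /* too short, or SEG bit clear */
    h->seq_zero = (uint16_t)(((pdu[1] & 0x7F) << 6) | (pdu[2] >> 2));
    h->seg_o = (uint8_t)(((pdu[2] & 0x03) << 3) | (pdu[3] >> 5));
    h->seg_n = (uint8_t)(pdu[3] & 0x1F);
    return true;
}

/* Hypothetical reassembly step: buf holds (session_seg_n + 1) * SEG_PAYLOAD_MAX
 * bytes. Returns true if the segment was stored, false if it was dropped. */
bool sar_store_segment(uint8_t *buf, uint8_t session_seg_n,
                       const uint8_t *pdu, size_t len)
{
    seg_hdr_t h;
    if (buf == NULL || !seg_hdr_parse(pdu, len, &h))
        return false;
    size_t payload_len = len - 4;
    if (h.seg_o > h.seg_n)          /* the check the advisory recommends */
        return false;
    if (h.seg_n != session_seg_n)   /* SegN fixed the buffer size; it must not change */
        return false;
    if (payload_len == 0 || payload_len > SEG_PAYLOAD_MAX)
        return false;
    if (h.seg_o < h.seg_n && payload_len != SEG_PAYLOAD_MAX)
        return false;               /* only the last segment may be short */
    memcpy(buf + (size_t)h.seg_o * SEG_PAYLOAD_MAX, pdu + 4, payload_len);
    return true;
}

int main(void)
{
    /* Constructed PDUs: 4 header octets + 12 payload octets, SeqZero = 0. */
    uint8_t bad[16] = { 0x80, 0x00, 0x00, 0x61 };  /* SegO = 3, SegN = 1 */
    uint8_t good[16] = { 0x80, 0x00, 0x00, 0x01 }; /* SegO = 0, SegN = 1 */
    uint8_t buf[2 * SEG_PAYLOAD_MAX] = { 0 };
    printf("SegO>SegN stored: %d\n", sar_store_segment(buf, 1, bad, sizeof bad));
    printf("SegO<=SegN stored: %d\n", sar_store_segment(buf, 1, good, sizeof good));
}
```

Without the `seg_o > seg_n` test, the first constructed PDU would be copied to offset 36 of a 24-byte buffer.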
Weakness Enumeration
Related Identifiers
Affected Products
Nordic Nrf5 Sdk For Mesh