CVE-2022-31364

Name of the Vulnerable Software and Affected Versions Cypress Bluetooth Mesh SDK version BSA0107 05.01.00-BX8-AMESH-08

Description The issue is related to a buffer overflow that can allow the execution of arbitrary code remotely. It is caused by an out-of-bound write vulnerability in the lower transport layer on seg function. This vulnerability can be triggered by sending a series of segmented packets with inconsistent SegN.

Recommendations For Cypress Bluetooth Mesh SDK version BSA0107 05.01.00-BX8-AMESH-08, as a temporary workaround, consider disabling the lower transport layer on seg function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.