CVE-2022-31363 HIGH

Vendor N/A
Product n/a
Published February 1, 2023
Last update March 27, 2025

CVSS base score

8.2/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AC:L/AV:A/A:L/C:H/I:L/PR:L/S:C/UI:N

What the vulnerability does

01 Description

Cypress (https://www.infineon.com/): Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: the affected function is pb_transport_handle_frag_.

In Cypress Bluetooth Mesh SDK, there is an out-of-bounds write vulnerability that can be triggered during mesh provisioning, because there is no check for mismatched SegN and TotalLength in the Transaction Start PDU.
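The check whose absence the description names, as an added example (a sketch written for this page, not code from the Cypress SDK or its fix). The field layout and the 20/23-byte segment sizes follow the Bluetooth Mesh PB-ADV generic provisioning format; `prov_rx`, `prov_start`, `prov_continue` and the 65-byte buffer are hypothetical names and sizes, and the strict SegN match assumes senders fill each segment before starting the next.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define START_MAX  20u /* payload bytes that fit in a Transaction Start PDU */
#define CONT_MAX   23u /* payload bytes that fit in a Transaction Continuation PDU */
#define RX_BUF_MAX 65u /* assumed reassembly buffer size, not taken from the SDK */

struct prov_rx { uint8_t buf[RX_BUF_MAX]; uint16_t total_len; uint8_t seg_n; };

/* Last segment number implied by TotalLength when every segment is filled. */
static uint8_t expected_seg_n(uint16_t total_len)
{
    if (total_len <= START_MAX) return 0;
    return (uint8_t)((total_len - START_MAX + CONT_MAX - 1) / CONT_MAX);
}

/* Transaction Start: [SegN:6|GPCF:2][TotalLength:16 BE][FCS:8][data]. 0 = accepted. */
int prov_start(struct prov_rx *rx, const uint8_t *pdu, size_t len)
{
    if (len < 4 || (pdu[0] & 0x03) != 0x00) return -1;
    uint8_t  seg_n = pdu[0] >> 2;
    uint16_t total = (uint16_t)((pdu[1] << 8) | pdu[2]);
    size_t   data_len = len - 4;

    if (total == 0 || total > RX_BUF_MAX) return -1;      /* must fit the buffer */
    if (seg_n != expected_seg_n(total)) return -1;        /* SegN must match TotalLength */
    if (data_len > START_MAX || data_len > total) return -1;
    rx->total_len = total;
    rx->seg_n = seg_n;
    memcpy(rx->buf, pdu + 4, data_len);                   /* FCS (pdu[3]) not verified here */
    return 0;
}

/* Transaction Continuation: [SegmentIndex:6|GPCF:2][data]. 0 = accepted. */
int prov_continue(struct prov_rx *rx, const uint8_t *pdu, size_t len)
{
    if (len < 2 || (pdu[0] & 0x03) != 0x02) return -1;
    uint8_t idx = pdu[0] >> 2;
    size_t  data_len = len - 1;
    if (idx == 0 || idx > rx->seg_n) return -1;           /* index within announced range */
    size_t off = START_MAX + (size_t)(idx - 1) * CONT_MAX;
    if (data_len > CONT_MAX || off + data_len > rx->total_len) return -1;
    memcpy(rx->buf + off, pdu + 1, data_len);             /* write stays inside total_len */
    return 0;
}
```

Every continuation write is bounded by the `TotalLength` accepted at transaction start, so a segment index or length that disagrees with it is dropped before any copy.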

Key dates

02 Disclosure timeline

February 1, 2023 CVE published
March 27, 2025 Record updated