CVE-2022-31364 HIGH

CVE-2022-31364

Vendor N/A

Product n/a

Published February 1, 2023

Last update March 27, 2025

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AC:L/AV:A/A:L/C:H/I:L/PR:L/S:C/UI:N

What the vulnerability does

01Description

Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN.

Key dates

02Disclosure timeline

February 1, 2023 CVE published

March 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-31364