8.8
CVE-2022-30904
- EPSS 0.12%
- Published 01.02.2023 21:15:08
- Last modified 27.03.2025 15:15:37
- Source cve@mitre.org
In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU.
Data provided by the National Vulnerability Database (NVD)
Bestechnic ≫ Bluetooth Mesh Software Development Kit Version 1.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.31 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| cve@mitre.org | 8.2 | 2.3 | 5.3 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L |
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.