Cypress

by Cypress

CVEs (13)

  • CVE-2020-10370 | High | Nov 11, 2024
    risk 0.50 | cvss 8.8 | epss 0.01

    Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth firmware update is not present, allow a Bluetooth outage via a "Spectra" attack.

  • CVE-2020-10368 | Low | Nov 10, 2024
    risk 0.16 | cvss 3.5 | epss 0.00

    Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory read access via a "Spectra" attack.

  • CVE-2021-34147 | Sep 7, 2021
    risk 0.00 | cvss | epss 0.01

    The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT…

  • CVE-2021-34148 | Sep 7, 2021
    risk 0.00 | cvss | epss 0.01

    The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a…

  • CVE-2021-34145 | Sep 7, 2021
    risk 0.00 | cvss | epss 0.00

    The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing…

  • CVE-2021-34146 | Sep 7, 2021
    risk 0.00 | cvss | epss 0.01

    The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand…

  • CVE-2019-18614 | Jun 16, 2020
    risk 0.00 | cvss | epss 0.00

    On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow. This is because the maximum BLOC buffer size for sending and receiving data is set to 384 bytes, but everything else is still configured to the usual size of 1092 (which…

  • CVE-2020-11957 | Jun 9, 2020
    risk 0.00 | cvss | epss 0.00

    The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and…

  • CVE-2019-13916 | Apr 13, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6.2 CYW20735B1 and CYW20819A1. As a Bluetooth Low Energy (BLE) packet is received, it is copied into a Heap (ThreadX Block) buffer. The buffer allocated in dhmulp_getRxBuffer is four bytes too small to hold the…

  • CVE-2019-16336 | Feb 12, 2020
    risk 0.00 | cvss | epss 0.01

    The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service…

  • CVE-2019-17061 | Feb 10, 2020
    risk 0.00 | cvss | epss 0.01

    The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within…

  • CVE-2019-11516 | Feb 5, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite…

  • CVE-2007-5922 | Nov 10, 2007
    risk 0.00 | cvss | epss 0.01

    The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address.