VU#317277: Texas Instruments Microcontrollers CC2640 and CC2650 are vulnerable to heap overflow

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer – CVE-2018-16986

The BLE-Stacks of both Texas Instruments microcontrollers, CC2640 and CC2650, contain a memory corruption vulnerability caused by the mishandling of BLE advertising packets. The function llGetAdvChanPDU, which is part of the embedded ROM image in both chips, handles incoming advertising packets and parses their headers. It copies the packet contents into a separate buffer provided by the calling function. An incorrect packet length is taken, so packets end up being parsed as larger than originally intended. If the incoming data exceeds a certain length, the function calls the halAssertHandler function, as defined by the application running on top of the stack, but does not stop execution. Since the flow of execution continues, the function copies the overly large packet into the buffer and causes a heap overflow.
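The failure pattern the note describes, an assert handler that reports but returns, followed by a copy that trusts the header length, can be reproduced in a small model. The following C is an added example written for this page; it is not the TI ROM code or the BLE-Stack, and the packet layout (2-byte header with a 6-bit length field, as in BLE 4.x advertising PDUs), the buffer layout, the function names parse_adv_flawed and parse_adv_checked, and the oversized packet are all constructed assumptions. The flawed parser writes past the receive buffer into bytes that stand in for the neighbouring heap object; the checked parser returns before any copy happens.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADV_HDR_LEN     2
#define ADV_MAX_PAYLOAD 37   /* largest legal advertising payload in BLE 4.x */
#define NEIGHBOUR_LEN   16

/* Receive buffer as a caller would allocate it, followed by bytes that stand in
   for whatever the heap places next to it (assumed layout, for the demo only). */
typedef struct {
    uint8_t payload[ADV_MAX_PAYLOAD];
    uint8_t len;
    uint8_t neighbour[NEIGHBOUR_LEN];
} adv_region_t;

/* Constructed packet (not a capture): a 2-byte header whose length field claims
   50 payload bytes, followed by 50 bytes of 'A'. */
#define OVERSIZED_LEN 50
static const size_t kPktLen = ADV_HDR_LEN + OVERSIZED_LEN;
static uint8_t g_pkt[ADV_HDR_LEN + OVERSIZED_LEN];

static void build_packet(void) {
    g_pkt[0] = 0x00;            /* PDU type bits, irrelevant for this demo */
    g_pkt[1] = OVERSIZED_LEN;   /* length field that the flawed parser trusts */
    memset(g_pkt + ADV_HDR_LEN, 'A', OVERSIZED_LEN);
}

static int g_assert_hits;

/* Application-supplied assert handler that logs and returns, which is the
   behaviour the note describes: execution continues after the call. */
static void hal_assert_handler(const char *msg) {
    g_assert_hits++;
    fprintf(stderr, "halAssert: %s\n", msg);
}

/* Flawed pattern: the length check only raises an assert, and the copy still
   runs with the header length. The copy is clamped to the region so the demo
   never leaves memory it owns; the overrun into neighbour[] is the point. */
static void parse_adv_flawed(const uint8_t *pkt, size_t pkt_len, adv_region_t *r) {
    if (pkt_len < ADV_HDR_LEN) return;
    size_t len = pkt[1] & 0x3F;                      /* 6-bit length field */
    if (len > ADV_MAX_PAYLOAD)
        hal_assert_handler("adv payload too long");  /* no return here: the bug */
    size_t avail = pkt_len - ADV_HDR_LEN;
    size_t n = len < avail ? len : avail;
    if (n > sizeof *r) n = sizeof *r;                /* demo-only clamp */
    memcpy((uint8_t *)r, pkt + ADV_HDR_LEN, n);      /* runs past payload[] */
    r->len = (uint8_t)len;
}

/* Corrected pattern: validate the length against both the buffer and the bytes
   actually received, and reject before any copy. */
static bool parse_adv_checked(const uint8_t *pkt, size_t pkt_len, adv_region_t *r) {
    if (pkt_len < ADV_HDR_LEN) return false;
    size_t len = pkt[1] & 0x3F;
    if (len > ADV_MAX_PAYLOAD || len > pkt_len - ADV_HDR_LEN) {
        hal_assert_handler("adv payload too long");
        return false;                                /* stop: nothing is copied */
    }
    memcpy(r->payload, pkt + ADV_HDR_LEN, len);
    r->len = (uint8_t)len;
    return true;
}

/* Runs the oversized packet through one parser and returns how many bytes of
   the neighbouring region were overwritten (0 means it survived intact). */
static int neighbour_bytes_clobbered(bool use_checked) {
    adv_region_t r;
    memset(&r, 0, sizeof r);
    build_packet();
    if (use_checked) parse_adv_checked(g_pkt, kPktLen, &r);
    else             parse_adv_flawed(g_pkt, kPktLen, &r);
    int hit = 0;
    for (int i = 0; i < NEIGHBOUR_LEN; i++)
        if (r.neighbour[i] != 0) hit++;
    return hit;
}

int main(void) {
    printf("flawed parser:  %d neighbour bytes overwritten\n", neighbour_bytes_clobbered(false));
    printf("checked parser: %d neighbour bytes overwritten\n", neighbour_bytes_clobbered(true));
    return 0;
}
```

With the constructed packet, the flawed parser copies 50 bytes into a 38-byte buffer and overwrites 12 bytes of the neighbouring region even though the assert handler fired; the checked parser fires the same assert but returns false and leaves the region untouched. The design point is that an assert handler which returns is not a bounds check: the parser itself has to refuse the packet.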
