Synology-SA-18:57 BleedingBit
Publish Time: UTC+8
Last Updated: UTC+8
- Severity
- Not affected
- Status
- Resolved
Abstract
CVE-2018-16986, a.k.a BleedingBit, allows remote attackers to execute arbitrary code via a susceptible version of Texas Instrument CC2640 or CC2650.
None of Synology's products are affected as CVE-2018-16986 only affects products equipped with Texas Instrument CC2640 or CC2650.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 6.2 | Not affected | N/A |
| DSM 6.1 | Not affected | N/A |
| DSM 5.2 | Not affected | N/A |
| SkyNAS | Not affected | N/A |
| VS960HD | Not affected | N/A |
| SRM 1.2 | Not affected | N/A |
Mitigation
None
Detail
- CVE-2018-16986
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.
Reference
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2018-11-02 | Initial public release. |
| 2 | 2019-12-24 | Disclosed vulnerability details. |