Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for princeton-tl10c_firmware by huawei

    CVE-2020-9235 (GCVE-0-2020-9235)

    Vulnerability from nvd – Published: 2020-09-03 18:04 – Updated: 2024-08-04 10:19
    VLAI
    Summary
    Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a HONOR 20 PRO;Honor View 20;OxfordS-AN00A;Princeton-AL10B;Princeton-AL10D;Princeton-TL10C;Tony-AL00B;Yale-AL00A;Yale-L21A;Yale-L61A Affected: Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1)
    Affected: Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3)
    Affected: Versions earlier than 10.1.0.212(C00E210R5P1)
    Affected: Versions earlier than 10.1.0.160(C00E160R2P11)
    Affected: Versions earlier than 10.1.0.160(C01E160R2P11)
    Affected: Versions earlier than 10.1.0.160(C00E160R8P12)
    Affected: Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1)
    Affected: Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:20.123Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HONOR 20 PRO;Honor View 20;OxfordS-AN00A;Princeton-AL10B;Princeton-AL10D;Princeton-TL10C;Tony-AL00B;Yale-AL00A;Yale-L21A;Yale-L61A",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.212(C00E210R5P1)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.160(C00E160R2P11)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.160(C01E160R2P11)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.160(C00E160R8P12)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-03T18:04:26.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2020-9235",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HONOR 20 PRO;Honor View 20;OxfordS-AN00A;Princeton-AL10B;Princeton-AL10D;Princeton-TL10C;Tony-AL00B;Yale-AL00A;Yale-L21A;Yale-L61A",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.212(C00E210R5P1)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.160(C01E160R2P11)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.160(C00E160R8P12)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2020-9235",
        "datePublished": "2020-09-03T18:04:26.000Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:19:20.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5235 (GCVE-0-2019-5235)

    Vulnerability from nvd – Published: 2019-12-13 23:09 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
    Severity
    No CVSS data available.
    CWE
    • null pointer dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B Affected: Version
    Affected: 9.1.0.206(C00E205R3P1)
    Affected: 9.0.1.5(C735R1)
    Affected: 9.1.0.1(C00R3)
    Affected: 9.1.0.206
    Affected: 9.0.1.162(C01E160R2P3)
    Affected: 8.2.0.170(C861)
    Affected: 8.2.0.188(C00R2P1)
    Affected: 8.2.0.163(C605)
    Affected: 8.2.0.160(C185)
    Affected: 8.2.0.156(C636R2P2)
    Affected: 8.2.0.152(C45CUSTC45D1)
    Affected: 8.2.0.162(C605)
    Affected: 8.2.0.175(C00R2P4)
    Affected: 8.2.0.190(C788R1P16)
    Affected: 8.2.0.161(C675CUSTC675D1)
    Affected: 8.2.0.165(C00R1P16)
    Affected: 8.2.0.130(C461R1P1)
    Affected: 8.2.0.130(C652CUSTC652D1)
    Affected: 8.2.0.131(C10R2P2)
    Affected: 8.2.0.136(C432CUSTC432D1)
    Affected: 8.2.0.101(C10CUSTC10D1)
    Affected: 8.2.0.101(C432CUSTC432D1)
    Affected: 8.2.0.131(C55CUSTC55D1)
    Affected: 8.2.0.105(C185R1P1)
    Affected: 8.2.0.107(C636R2P1)
    Affected: 8.2.0.103(C652CUSTC652D1)
    Affected: 8.2.0.105(C185R2P1)
    Affected: 8.2.0.130(C636CUSTC636D2)
    Affected: 8.2.0.133(C605CUSTC605D1)
    Affected: 8.2.0.155(C675R2P1)
    Affected: 8.2.0.110(C652CUSTC652D1)
    Affected: 8.2.0.100(C541CUSTC541D1)
    Affected: 8.2.0.165(C01R1P16)
    Affected: 9.1.0.208(C00E205R3P1)
    Affected: 9.1.0.162(C00E160R2P1)
    Affected: 9.1.0.12(C00R1)
    Affected: 9.1.0.4(C735R1)
    Affected: 9.1.0.162
    Affected: 9.1.0.161
    Affected: 9.1.0.162(C01E160R2P1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.874Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.206(C00E205R3P1)"
                },
                {
                  "status": "affected",
                  "version": "9.0.1.5(C735R1)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.1(C00R3)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.206"
                },
                {
                  "status": "affected",
                  "version": "9.0.1.162(C01E160R2P3)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.170(C861)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.188(C00R2P1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.163(C605)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.160(C185)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.156(C636R2P2)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.152(C45CUSTC45D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.162(C605)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.175(C00R2P4)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.190(C788R1P16)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.161(C675CUSTC675D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.165(C00R1P16)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.130(C461R1P1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.130(C652CUSTC652D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.131(C10R2P2)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.136(C432CUSTC432D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.101(C10CUSTC10D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.101(C432CUSTC432D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.131(C55CUSTC55D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.105(C185R1P1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.107(C636R2P1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.103(C652CUSTC652D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.105(C185R2P1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.130(C636CUSTC636D2)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.133(C605CUSTC605D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.155(C675R2P1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.110(C652CUSTC652D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.100(C541CUSTC541D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.165(C01R1P16)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.208(C00E205R3P1)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.162(C00E160R2P1)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.12(C00R1)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.4(C735R1)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.162"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.161"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.162(C01E160R2P1)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "null pointer dereference",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-13T23:09:32.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2019-5235",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version"
                              },
                              {
                                "version_value": "9.1.0.206(C00E205R3P1)"
                              },
                              {
                                "version_value": "9.0.1.5(C735R1)"
                              },
                              {
                                "version_value": "9.1.0.1(C00R3)"
                              },
                              {
                                "version_value": "9.1.0.206(C00E205R3P1)"
                              },
                              {
                                "version_value": "9.1.0.206"
                              },
                              {
                                "version_value": "9.0.1.162(C01E160R2P3)"
                              },
                              {
                                "version_value": "8.2.0.170(C861)"
                              },
                              {
                                "version_value": "8.2.0.188(C00R2P1)"
                              },
                              {
                                "version_value": "8.2.0.163(C605)"
                              },
                              {
                                "version_value": "8.2.0.160(C185)"
                              },
                              {
                                "version_value": "8.2.0.156(C636R2P2)"
                              },
                              {
                                "version_value": "8.2.0.152(C45CUSTC45D1)"
                              },
                              {
                                "version_value": "8.2.0.162(C605)"
                              },
                              {
                                "version_value": "8.2.0.175(C00R2P4)"
                              },
                              {
                                "version_value": "8.2.0.190(C788R1P16)"
                              },
                              {
                                "version_value": "8.2.0.161(C675CUSTC675D1)"
                              },
                              {
                                "version_value": "8.2.0.165(C00R1P16)"
                              },
                              {
                                "version_value": "8.2.0.130(C461R1P1)"
                              },
                              {
                                "version_value": "8.2.0.130(C652CUSTC652D1)"
                              },
                              {
                                "version_value": "8.2.0.131(C10R2P2)"
                              },
                              {
                                "version_value": "8.2.0.136(C432CUSTC432D1)"
                              },
                              {
                                "version_value": "8.2.0.101(C10CUSTC10D1)"
                              },
                              {
                                "version_value": "8.2.0.101(C432CUSTC432D1)"
                              },
                              {
                                "version_value": "8.2.0.131(C55CUSTC55D1)"
                              },
                              {
                                "version_value": "8.2.0.105(C185R1P1)"
                              },
                              {
                                "version_value": "8.2.0.107(C636R2P1)"
                              },
                              {
                                "version_value": "8.2.0.103(C652CUSTC652D1)"
                              },
                              {
                                "version_value": "8.2.0.105(C185R2P1)"
                              },
                              {
                                "version_value": "8.2.0.107(C636R2P1)"
                              },
                              {
                                "version_value": "8.2.0.130(C636CUSTC636D2)"
                              },
                              {
                                "version_value": "8.2.0.133(C605CUSTC605D1)"
                              },
                              {
                                "version_value": "8.2.0.155(C675R2P1)"
                              },
                              {
                                "version_value": "8.2.0.155(C675R2P1)"
                              },
                              {
                                "version_value": "8.2.0.110(C652CUSTC652D1)"
                              },
                              {
                                "version_value": "8.2.0.155(C675R2P1)"
                              },
                              {
                                "version_value": "8.2.0.100(C541CUSTC541D1)"
                              },
                              {
                                "version_value": "8.2.0.165(C01R1P16)"
                              },
                              {
                                "version_value": "8.2.0.100(C541CUSTC541D1)"
                              },
                              {
                                "version_value": "9.1.0.208(C00E205R3P1)"
                              },
                              {
                                "version_value": "9.1.0.208(C00E205R3P1)"
                              },
                              {
                                "version_value": "9.1.0.162(C00E160R2P1)"
                              },
                              {
                                "version_value": "9.1.0.12(C00R1)"
                              },
                              {
                                "version_value": "9.1.0.4(C735R1)"
                              },
                              {
                                "version_value": "9.1.0.162(C00E160R2P1)"
                              },
                              {
                                "version_value": "9.1.0.12(C00R1)"
                              },
                              {
                                "version_value": "9.1.0.162"
                              },
                              {
                                "version_value": "9.1.0.161"
                              },
                              {
                                "version_value": "9.1.0.162(C01E160R2P1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "null pointer dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2019-5235",
        "datePublished": "2019-12-13T23:09:32.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.874Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9506 (GCVE-0-2019-9506)

    Vulnerability from nvd – Published: 2019-08-14 16:27 – Updated: 2024-09-16 19:14
    VLAI
    Title
    Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
    Summary
    The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
    CWE
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/918987/ third-party-advisoryx_refsource_CERT-VN
    http://www.cs.ox.ac.uk/publications/publication12… x_refsource_MISC
    https://www.usenix.org/conference/usenixsecurity1… x_refsource_MISC
    https://www.bluetooth.com/security/statement-key-… x_refsource_CONFIRM
    http://seclists.org/fulldisclosure/2019/Aug/14 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/11 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/13 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/15 mailing-listx_refsource_FULLDISC
    http://www.huawei.com/en/psirt/security-advisorie… x_refsource_CONFIRM
    https://usn.ubuntu.com/4115-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4118-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4147-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2019:2975 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://access.redhat.com/errata/RHSA-2019:3076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3055 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3089 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3187 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3217 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3220 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3231 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3218 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3309 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3517 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0204 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Bluetooth BR/EDR Affected: 5.1 , ≤ 5.1 (custom)
    Create a notification for this product.
    Date Public
    2019-08-14 00:00
    Credits
    Daniele Antonioli‚ Nils Ole Tippenhauer, Kasper Rasmussen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#918987",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/918987/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
              },
              {
                "name": "USN-4115-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4115-1/"
              },
              {
                "name": "USN-4118-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4118-1/"
              },
              {
                "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
              },
              {
                "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
              },
              {
                "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
              },
              {
                "name": "USN-4147-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4147-1/"
              },
              {
                "name": "RHSA-2019:2975",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2975"
              },
              {
                "name": "openSUSE-SU-2019:2307",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
              },
              {
                "name": "openSUSE-SU-2019:2308",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
              },
              {
                "name": "RHSA-2019:3076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3076"
              },
              {
                "name": "RHSA-2019:3055",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3055"
              },
              {
                "name": "RHSA-2019:3089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3089"
              },
              {
                "name": "RHSA-2019:3187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3187"
              },
              {
                "name": "RHSA-2019:3165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3165"
              },
              {
                "name": "RHSA-2019:3217",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3217"
              },
              {
                "name": "RHSA-2019:3220",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3220"
              },
              {
                "name": "RHSA-2019:3231",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3231"
              },
              {
                "name": "RHSA-2019:3218",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3218"
              },
              {
                "name": "RHSA-2019:3309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3309"
              },
              {
                "name": "RHSA-2019:3517",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3517"
              },
              {
                "name": "RHSA-2020:0204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0204"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "N/A"
              ],
              "product": "BR/EDR",
              "vendor": "Bluetooth",
              "versions": [
                {
                  "lessThanOrEqual": "5.1",
                  "status": "affected",
                  "version": "5.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
            }
          ],
          "datePublic": "2019-08-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CWE-310 Cryptographic Issues",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-30T10:06:23.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#918987",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/918987/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
            },
            {
              "name": "USN-4115-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4115-1/"
            },
            {
              "name": "USN-4118-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4118-1/"
            },
            {
              "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
            },
            {
              "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
            },
            {
              "name": "USN-4147-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4147-1/"
            },
            {
              "name": "RHSA-2019:2975",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2975"
            },
            {
              "name": "openSUSE-SU-2019:2307",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
            },
            {
              "name": "openSUSE-SU-2019:2308",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
            },
            {
              "name": "RHSA-2019:3076",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3076"
            },
            {
              "name": "RHSA-2019:3055",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3055"
            },
            {
              "name": "RHSA-2019:3089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3089"
            },
            {
              "name": "RHSA-2019:3187",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3187"
            },
            {
              "name": "RHSA-2019:3165",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3165"
            },
            {
              "name": "RHSA-2019:3217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3217"
            },
            {
              "name": "RHSA-2019:3220",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3220"
            },
            {
              "name": "RHSA-2019:3231",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3231"
            },
            {
              "name": "RHSA-2019:3218",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3218"
            },
            {
              "name": "RHSA-2019:3309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3309"
            },
            {
              "name": "RHSA-2019:3517",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3517"
            },
            {
              "name": "RHSA-2020:0204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0204"
            }
          ],
          "source": {
            "advisory": "VU#918987",
            "defect": [
              "VU#918987"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation",
          "workarounds": [
            {
              "lang": "en",
              "value": "Bluetooth SIG Expedited Errata Correction 11838"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "KNOB",
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-08-14",
              "ID": "CVE-2019-9506",
              "STATE": "PUBLIC",
              "TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BR/EDR",
                          "version": {
                            "version_data": [
                              {
                                "platform": "N/A",
                                "version_affected": "\u003c=",
                                "version_name": "5.1",
                                "version_value": "5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bluetooth"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-310 Cryptographic Issues"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#918987",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/918987/"
                },
                {
                  "name": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html",
                  "refsource": "MISC",
                  "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
                },
                {
                  "name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli",
                  "refsource": "MISC",
                  "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
                },
                {
                  "name": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/",
                  "refsource": "CONFIRM",
                  "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
                },
                {
                  "name": "USN-4115-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4115-1/"
                },
                {
                  "name": "USN-4118-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4118-1/"
                },
                {
                  "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
                },
                {
                  "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
                },
                {
                  "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
                },
                {
                  "name": "USN-4147-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4147-1/"
                },
                {
                  "name": "RHSA-2019:2975",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2975"
                },
                {
                  "name": "openSUSE-SU-2019:2307",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
                },
                {
                  "name": "openSUSE-SU-2019:2308",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
                },
                {
                  "name": "RHSA-2019:3076",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3076"
                },
                {
                  "name": "RHSA-2019:3055",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3055"
                },
                {
                  "name": "RHSA-2019:3089",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3089"
                },
                {
                  "name": "RHSA-2019:3187",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3187"
                },
                {
                  "name": "RHSA-2019:3165",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3165"
                },
                {
                  "name": "RHSA-2019:3217",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3217"
                },
                {
                  "name": "RHSA-2019:3220",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3220"
                },
                {
                  "name": "RHSA-2019:3231",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3231"
                },
                {
                  "name": "RHSA-2019:3218",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3218"
                },
                {
                  "name": "RHSA-2019:3309",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3309"
                },
                {
                  "name": "RHSA-2019:3517",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3517"
                },
                {
                  "name": "RHSA-2020:0204",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0204"
                }
              ]
            },
            "source": {
              "advisory": "VU#918987",
              "defect": [
                "VU#918987"
              ],
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Bluetooth SIG Expedited Errata Correction 11838"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9506",
        "datePublished": "2019-08-14T16:27:45.059Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:14:13.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9235 (GCVE-0-2020-9235)

    Vulnerability from cvelistv5 – Published: 2020-09-03 18:04 – Updated: 2024-08-04 10:19
    VLAI
    Summary
    Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a HONOR 20 PRO;Honor View 20;OxfordS-AN00A;Princeton-AL10B;Princeton-AL10D;Princeton-TL10C;Tony-AL00B;Yale-AL00A;Yale-L21A;Yale-L61A Affected: Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1)
    Affected: Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3)
    Affected: Versions earlier than 10.1.0.212(C00E210R5P1)
    Affected: Versions earlier than 10.1.0.160(C00E160R2P11)
    Affected: Versions earlier than 10.1.0.160(C01E160R2P11)
    Affected: Versions earlier than 10.1.0.160(C00E160R8P12)
    Affected: Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1)
    Affected: Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:20.123Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HONOR 20 PRO;Honor View 20;OxfordS-AN00A;Princeton-AL10B;Princeton-AL10D;Princeton-TL10C;Tony-AL00B;Yale-AL00A;Yale-L21A;Yale-L61A",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.212(C00E210R5P1)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.160(C00E160R2P11)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.160(C01E160R2P11)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.160(C00E160R8P12)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-03T18:04:26.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2020-9235",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HONOR 20 PRO;Honor View 20;OxfordS-AN00A;Princeton-AL10B;Princeton-AL10D;Princeton-TL10C;Tony-AL00B;Yale-AL00A;Yale-L21A;Yale-L61A",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.212(C00E210R5P1)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.160(C01E160R2P11)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.160(C00E160R8P12)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1)"
                              },
                              {
                                "version_value": "Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2020-9235",
        "datePublished": "2020-09-03T18:04:26.000Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:19:20.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5235 (GCVE-0-2019-5235)

    Vulnerability from cvelistv5 – Published: 2019-12-13 23:09 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
    Severity
    No CVSS data available.
    CWE
    • null pointer dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B Affected: Version
    Affected: 9.1.0.206(C00E205R3P1)
    Affected: 9.0.1.5(C735R1)
    Affected: 9.1.0.1(C00R3)
    Affected: 9.1.0.206
    Affected: 9.0.1.162(C01E160R2P3)
    Affected: 8.2.0.170(C861)
    Affected: 8.2.0.188(C00R2P1)
    Affected: 8.2.0.163(C605)
    Affected: 8.2.0.160(C185)
    Affected: 8.2.0.156(C636R2P2)
    Affected: 8.2.0.152(C45CUSTC45D1)
    Affected: 8.2.0.162(C605)
    Affected: 8.2.0.175(C00R2P4)
    Affected: 8.2.0.190(C788R1P16)
    Affected: 8.2.0.161(C675CUSTC675D1)
    Affected: 8.2.0.165(C00R1P16)
    Affected: 8.2.0.130(C461R1P1)
    Affected: 8.2.0.130(C652CUSTC652D1)
    Affected: 8.2.0.131(C10R2P2)
    Affected: 8.2.0.136(C432CUSTC432D1)
    Affected: 8.2.0.101(C10CUSTC10D1)
    Affected: 8.2.0.101(C432CUSTC432D1)
    Affected: 8.2.0.131(C55CUSTC55D1)
    Affected: 8.2.0.105(C185R1P1)
    Affected: 8.2.0.107(C636R2P1)
    Affected: 8.2.0.103(C652CUSTC652D1)
    Affected: 8.2.0.105(C185R2P1)
    Affected: 8.2.0.130(C636CUSTC636D2)
    Affected: 8.2.0.133(C605CUSTC605D1)
    Affected: 8.2.0.155(C675R2P1)
    Affected: 8.2.0.110(C652CUSTC652D1)
    Affected: 8.2.0.100(C541CUSTC541D1)
    Affected: 8.2.0.165(C01R1P16)
    Affected: 9.1.0.208(C00E205R3P1)
    Affected: 9.1.0.162(C00E160R2P1)
    Affected: 9.1.0.12(C00R1)
    Affected: 9.1.0.4(C735R1)
    Affected: 9.1.0.162
    Affected: 9.1.0.161
    Affected: 9.1.0.162(C01E160R2P1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.874Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.206(C00E205R3P1)"
                },
                {
                  "status": "affected",
                  "version": "9.0.1.5(C735R1)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.1(C00R3)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.206"
                },
                {
                  "status": "affected",
                  "version": "9.0.1.162(C01E160R2P3)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.170(C861)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.188(C00R2P1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.163(C605)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.160(C185)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.156(C636R2P2)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.152(C45CUSTC45D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.162(C605)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.175(C00R2P4)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.190(C788R1P16)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.161(C675CUSTC675D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.165(C00R1P16)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.130(C461R1P1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.130(C652CUSTC652D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.131(C10R2P2)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.136(C432CUSTC432D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.101(C10CUSTC10D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.101(C432CUSTC432D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.131(C55CUSTC55D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.105(C185R1P1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.107(C636R2P1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.103(C652CUSTC652D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.105(C185R2P1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.130(C636CUSTC636D2)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.133(C605CUSTC605D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.155(C675R2P1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.110(C652CUSTC652D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.100(C541CUSTC541D1)"
                },
                {
                  "status": "affected",
                  "version": "8.2.0.165(C01R1P16)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.208(C00E205R3P1)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.162(C00E160R2P1)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.12(C00R1)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.4(C735R1)"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.162"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.161"
                },
                {
                  "status": "affected",
                  "version": "9.1.0.162(C01E160R2P1)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "null pointer dereference",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-13T23:09:32.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2019-5235",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version"
                              },
                              {
                                "version_value": "9.1.0.206(C00E205R3P1)"
                              },
                              {
                                "version_value": "9.0.1.5(C735R1)"
                              },
                              {
                                "version_value": "9.1.0.1(C00R3)"
                              },
                              {
                                "version_value": "9.1.0.206(C00E205R3P1)"
                              },
                              {
                                "version_value": "9.1.0.206"
                              },
                              {
                                "version_value": "9.0.1.162(C01E160R2P3)"
                              },
                              {
                                "version_value": "8.2.0.170(C861)"
                              },
                              {
                                "version_value": "8.2.0.188(C00R2P1)"
                              },
                              {
                                "version_value": "8.2.0.163(C605)"
                              },
                              {
                                "version_value": "8.2.0.160(C185)"
                              },
                              {
                                "version_value": "8.2.0.156(C636R2P2)"
                              },
                              {
                                "version_value": "8.2.0.152(C45CUSTC45D1)"
                              },
                              {
                                "version_value": "8.2.0.162(C605)"
                              },
                              {
                                "version_value": "8.2.0.175(C00R2P4)"
                              },
                              {
                                "version_value": "8.2.0.190(C788R1P16)"
                              },
                              {
                                "version_value": "8.2.0.161(C675CUSTC675D1)"
                              },
                              {
                                "version_value": "8.2.0.165(C00R1P16)"
                              },
                              {
                                "version_value": "8.2.0.130(C461R1P1)"
                              },
                              {
                                "version_value": "8.2.0.130(C652CUSTC652D1)"
                              },
                              {
                                "version_value": "8.2.0.131(C10R2P2)"
                              },
                              {
                                "version_value": "8.2.0.136(C432CUSTC432D1)"
                              },
                              {
                                "version_value": "8.2.0.101(C10CUSTC10D1)"
                              },
                              {
                                "version_value": "8.2.0.101(C432CUSTC432D1)"
                              },
                              {
                                "version_value": "8.2.0.131(C55CUSTC55D1)"
                              },
                              {
                                "version_value": "8.2.0.105(C185R1P1)"
                              },
                              {
                                "version_value": "8.2.0.107(C636R2P1)"
                              },
                              {
                                "version_value": "8.2.0.103(C652CUSTC652D1)"
                              },
                              {
                                "version_value": "8.2.0.105(C185R2P1)"
                              },
                              {
                                "version_value": "8.2.0.107(C636R2P1)"
                              },
                              {
                                "version_value": "8.2.0.130(C636CUSTC636D2)"
                              },
                              {
                                "version_value": "8.2.0.133(C605CUSTC605D1)"
                              },
                              {
                                "version_value": "8.2.0.155(C675R2P1)"
                              },
                              {
                                "version_value": "8.2.0.155(C675R2P1)"
                              },
                              {
                                "version_value": "8.2.0.110(C652CUSTC652D1)"
                              },
                              {
                                "version_value": "8.2.0.155(C675R2P1)"
                              },
                              {
                                "version_value": "8.2.0.100(C541CUSTC541D1)"
                              },
                              {
                                "version_value": "8.2.0.165(C01R1P16)"
                              },
                              {
                                "version_value": "8.2.0.100(C541CUSTC541D1)"
                              },
                              {
                                "version_value": "9.1.0.208(C00E205R3P1)"
                              },
                              {
                                "version_value": "9.1.0.208(C00E205R3P1)"
                              },
                              {
                                "version_value": "9.1.0.162(C00E160R2P1)"
                              },
                              {
                                "version_value": "9.1.0.12(C00R1)"
                              },
                              {
                                "version_value": "9.1.0.4(C735R1)"
                              },
                              {
                                "version_value": "9.1.0.162(C00E160R2P1)"
                              },
                              {
                                "version_value": "9.1.0.12(C00R1)"
                              },
                              {
                                "version_value": "9.1.0.162"
                              },
                              {
                                "version_value": "9.1.0.161"
                              },
                              {
                                "version_value": "9.1.0.162(C01E160R2P1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "null pointer dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2019-5235",
        "datePublished": "2019-12-13T23:09:32.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.874Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9506 (GCVE-0-2019-9506)

    Vulnerability from cvelistv5 – Published: 2019-08-14 16:27 – Updated: 2024-09-16 19:14
    VLAI
    Title
    Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
    Summary
    The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
    CWE
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/918987/ third-party-advisoryx_refsource_CERT-VN
    http://www.cs.ox.ac.uk/publications/publication12… x_refsource_MISC
    https://www.usenix.org/conference/usenixsecurity1… x_refsource_MISC
    https://www.bluetooth.com/security/statement-key-… x_refsource_CONFIRM
    http://seclists.org/fulldisclosure/2019/Aug/14 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/11 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/13 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/15 mailing-listx_refsource_FULLDISC
    http://www.huawei.com/en/psirt/security-advisorie… x_refsource_CONFIRM
    https://usn.ubuntu.com/4115-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4118-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4147-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2019:2975 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://access.redhat.com/errata/RHSA-2019:3076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3055 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3089 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3187 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3217 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3220 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3231 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3218 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3309 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3517 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0204 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Bluetooth BR/EDR Affected: 5.1 , ≤ 5.1 (custom)
    Create a notification for this product.
    Date Public
    2019-08-14 00:00
    Credits
    Daniele Antonioli‚ Nils Ole Tippenhauer, Kasper Rasmussen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#918987",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/918987/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
              },
              {
                "name": "USN-4115-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4115-1/"
              },
              {
                "name": "USN-4118-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4118-1/"
              },
              {
                "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
              },
              {
                "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
              },
              {
                "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
              },
              {
                "name": "USN-4147-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4147-1/"
              },
              {
                "name": "RHSA-2019:2975",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2975"
              },
              {
                "name": "openSUSE-SU-2019:2307",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
              },
              {
                "name": "openSUSE-SU-2019:2308",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
              },
              {
                "name": "RHSA-2019:3076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3076"
              },
              {
                "name": "RHSA-2019:3055",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3055"
              },
              {
                "name": "RHSA-2019:3089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3089"
              },
              {
                "name": "RHSA-2019:3187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3187"
              },
              {
                "name": "RHSA-2019:3165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3165"
              },
              {
                "name": "RHSA-2019:3217",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3217"
              },
              {
                "name": "RHSA-2019:3220",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3220"
              },
              {
                "name": "RHSA-2019:3231",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3231"
              },
              {
                "name": "RHSA-2019:3218",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3218"
              },
              {
                "name": "RHSA-2019:3309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3309"
              },
              {
                "name": "RHSA-2019:3517",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3517"
              },
              {
                "name": "RHSA-2020:0204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0204"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "N/A"
              ],
              "product": "BR/EDR",
              "vendor": "Bluetooth",
              "versions": [
                {
                  "lessThanOrEqual": "5.1",
                  "status": "affected",
                  "version": "5.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
            }
          ],
          "datePublic": "2019-08-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CWE-310 Cryptographic Issues",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-30T10:06:23.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#918987",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/918987/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
            },
            {
              "name": "USN-4115-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4115-1/"
            },
            {
              "name": "USN-4118-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4118-1/"
            },
            {
              "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
            },
            {
              "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
            },
            {
              "name": "USN-4147-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4147-1/"
            },
            {
              "name": "RHSA-2019:2975",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2975"
            },
            {
              "name": "openSUSE-SU-2019:2307",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
            },
            {
              "name": "openSUSE-SU-2019:2308",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
            },
            {
              "name": "RHSA-2019:3076",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3076"
            },
            {
              "name": "RHSA-2019:3055",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3055"
            },
            {
              "name": "RHSA-2019:3089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3089"
            },
            {
              "name": "RHSA-2019:3187",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3187"
            },
            {
              "name": "RHSA-2019:3165",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3165"
            },
            {
              "name": "RHSA-2019:3217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3217"
            },
            {
              "name": "RHSA-2019:3220",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3220"
            },
            {
              "name": "RHSA-2019:3231",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3231"
            },
            {
              "name": "RHSA-2019:3218",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3218"
            },
            {
              "name": "RHSA-2019:3309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3309"
            },
            {
              "name": "RHSA-2019:3517",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3517"
            },
            {
              "name": "RHSA-2020:0204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0204"
            }
          ],
          "source": {
            "advisory": "VU#918987",
            "defect": [
              "VU#918987"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation",
          "workarounds": [
            {
              "lang": "en",
              "value": "Bluetooth SIG Expedited Errata Correction 11838"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "KNOB",
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-08-14",
              "ID": "CVE-2019-9506",
              "STATE": "PUBLIC",
              "TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BR/EDR",
                          "version": {
                            "version_data": [
                              {
                                "platform": "N/A",
                                "version_affected": "\u003c=",
                                "version_name": "5.1",
                                "version_value": "5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bluetooth"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-310 Cryptographic Issues"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#918987",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/918987/"
                },
                {
                  "name": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html",
                  "refsource": "MISC",
                  "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
                },
                {
                  "name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli",
                  "refsource": "MISC",
                  "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
                },
                {
                  "name": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/",
                  "refsource": "CONFIRM",
                  "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
                },
                {
                  "name": "USN-4115-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4115-1/"
                },
                {
                  "name": "USN-4118-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4118-1/"
                },
                {
                  "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
                },
                {
                  "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
                },
                {
                  "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
                },
                {
                  "name": "USN-4147-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4147-1/"
                },
                {
                  "name": "RHSA-2019:2975",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2975"
                },
                {
                  "name": "openSUSE-SU-2019:2307",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
                },
                {
                  "name": "openSUSE-SU-2019:2308",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
                },
                {
                  "name": "RHSA-2019:3076",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3076"
                },
                {
                  "name": "RHSA-2019:3055",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3055"
                },
                {
                  "name": "RHSA-2019:3089",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3089"
                },
                {
                  "name": "RHSA-2019:3187",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3187"
                },
                {
                  "name": "RHSA-2019:3165",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3165"
                },
                {
                  "name": "RHSA-2019:3217",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3217"
                },
                {
                  "name": "RHSA-2019:3220",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3220"
                },
                {
                  "name": "RHSA-2019:3231",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3231"
                },
                {
                  "name": "RHSA-2019:3218",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3218"
                },
                {
                  "name": "RHSA-2019:3309",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3309"
                },
                {
                  "name": "RHSA-2019:3517",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3517"
                },
                {
                  "name": "RHSA-2020:0204",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0204"
                }
              ]
            },
            "source": {
              "advisory": "VU#918987",
              "defect": [
                "VU#918987"
              ],
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Bluetooth SIG Expedited Errata Correction 11838"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9506",
        "datePublished": "2019-08-14T16:27:45.059Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:14:13.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }