CVE-2019-17520

medium

Description

The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.

References

https://www.youtube.com/watch?v=Iw8sIBLWE_w

https://asset-group.github.io/disclosures/sweyntooth/

http://www.ti.com/tool/LAUNCHXL-CC2640R2

Details

Source: Mitre, NVD

Published: 2020-02-10

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00151