Homepage

bthome-ble@3.14.2 vulnerabilities

BThome BLE support

  • latest version

    3.19.1

  • latest non vulnerable version

    3.19.1

  • first published

    3 years ago

  • latest version published

    1 months ago

  • licenses detected

  • View bthome-ble package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the bthome-ble package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

    bthome-ble is a BThome BLE support

    Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') due to insufficient enforcement of encryption requirements in the _parse_bthome_v1 and _parse_bthome_v2 functions in src/bthome_ble/parser.py. An attacker can impersonate a device by sending plaintext BLE advertisements when a bindkey is configured.

    How to fix Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')?

    Upgrade bthome-ble to version 3.15.1 or higher.

    [,3.15.1)
    Go back to all versions of this package