CVE-2020-15509
- Source
- https://cve.org/CVERecord?id=CVE-2020-15509
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15509.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-15509
- Published
- 2020-07-07T14:15:11.380Z
- Modified
- 2026-04-10T04:23:09.222471Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler).
- References
Affected packages
Git / github.com/nordicsemiconductor/android-dfu-library
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nordicsemiconductor/android-dfu-library
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "2.2.1" }, { "introduced": "0" }, { "last_affected": "1.10.4" } ] }
Affected versions
1.*
1.12.0
1.12.1-beta01
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.2.0
2.2.1
v.*
v.2.0.1
v0.*
v0.6.3
v1.*
v1.0.0_Secure_dfu
v1.0.1_Secure_dfu
v1.0.2_Secure_dfu
v1.0.3_Secure_dfu
v1.0.4_Secure_dfu
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.11.0
v1.11.1
v1.2.0
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.7.0
v1.8.0
v1.8.1
v1.9.0
v1.9.2