GCVE - cpe:2.3:a:nordicsemi:dfu_library:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nordicsemi:dfu_library:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Nordicsemi (`c5249900-47b3-531e-9646-07dc65fd54f4`)
Product	Dfu Library (`928bb5da-1466-5d2b-8c96-e05fef05e99d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/nordicsemiconductor/android-dfu-library`	purl2cpe	2026-06-01 10:11:26.825458

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-15509`	vulnerable	2026-06-08 05:19:26.018375	Details available Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler). Published: 2020-07-07T13:56:47.000Z Updated: 2024-08-04T13:15:20.766Z Open on db.gcve.eu Reference links https://github.com/NordicSemiconductor/Android-BLE-Library/commits/master https://github.com/NordicSemiconductor/Android-DFU-Library/commits/release https://secretdiary.ninja/index.php/2020/07/03/norec-attack-stripping-ble-encryption-from-nordicsemis-android-library-cve-2020-15509/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.