Vulnerabilites related to bluez - bluez
cve-2023-51580
Vulnerability from cvelistv5
Published
2024-05-03 02:15
Modified
2024-08-02 22:40
Severity ?
EPSS score ?
Summary
BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20852.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1903/ | x_research-advisory |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:bluez:bluez:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bluez", vendor: "bluez", versions: [ { status: "affected", version: "5.66", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-51580", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-03T16:03:03.098816Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:20:30.225Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T22:40:33.778Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ZDI-23-1903", tags: [ "x_research-advisory", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1903/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "BlueZ", vendor: "BlueZ", versions: [ { status: "affected", version: "5.66", }, ], }, ], dateAssigned: "2023-12-20T14:45:49.294-06:00", datePublic: "2023-12-21T18:05:10.180-06:00", descriptions: [ { lang: "en", value: "BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20852.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T02:15:12.492Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "ZDI-23-1903", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1903/", }, ], source: { lang: "en", value: "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative", }, title: "BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2023-51580", datePublished: "2024-05-03T02:15:12.492Z", dateReserved: "2023-12-20T20:38:20.868Z", dateUpdated: "2024-08-02T22:40:33.778Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9804
Vulnerability from cvelistv5
Published
2016-12-03 06:28
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spinics.net/lists/linux-bluetooth/msg68892.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/94652 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:59:03.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94652", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-03T00:00:00", descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer overflow was observed in \"commands_dump\" function in \"tools/parser/csr.c\" source file. The issue exists because \"commands\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"frm->ptr\" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94652", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9804", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In BlueZ 5.42, a buffer overflow was observed in \"commands_dump\" function in \"tools/parser/csr.c\" source file. The issue exists because \"commands\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"frm->ptr\" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", refsource: "MISC", url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", refsource: "BID", url: "http://www.securityfocus.com/bid/94652", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9804", datePublished: "2016-12-03T06:28:00", dateReserved: "2016-12-03T00:00:00", dateUpdated: "2024-08-06T02:59:03.568Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-43400
Vulnerability from cvelistv5
Published
2021-11-04 00:00
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:55:28.752Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-24T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-43400", datePublished: "2021-11-04T00:00:00", dateReserved: "2021-11-04T00:00:00", dateUpdated: "2024-08-04T03:55:28.752Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3658
Vulnerability from cvelistv5
Published
2022-03-02 22:11
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055 | x_refsource_MISC | |
| https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1984728 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220407-0002/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:01:08.323Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1984728", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220407-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "bluez", vendor: "n/a", versions: [ { status: "affected", version: "Fixedin - 5.61 and above.", }, ], }, ], descriptions: [ { lang: "en", value: "bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-07T23:14:58", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1984728", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220407-0002/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3658", datePublished: "2022-03-02T22:11:05", dateReserved: "2021-07-22T00:00:00", dateUpdated: "2024-08-03T17:01:08.323Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9802
Vulnerability from cvelistv5
Published
2016-12-03 06:28
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spinics.net/lists/linux-bluetooth/msg68898.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/94652 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:59:03.553Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68898.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94652", }, { name: "openSUSE-SU-2019:1476", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-03T00:00:00", descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer over-read was identified in \"l2cap_packet\" function in \"monitor/packet.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-30T11:06:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68898.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94652", }, { name: "openSUSE-SU-2019:1476", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9802", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In BlueZ 5.42, a buffer over-read was identified in \"l2cap_packet\" function in \"monitor/packet.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.spinics.net/lists/linux-bluetooth/msg68898.html", refsource: "MISC", url: "https://www.spinics.net/lists/linux-bluetooth/msg68898.html", }, { name: "94652", refsource: "BID", url: "http://www.securityfocus.com/bid/94652", }, { name: "openSUSE-SU-2019:1476", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9802", datePublished: "2016-12-03T06:28:00", dateReserved: "2016-12-03T00:00:00", dateUpdated: "2024-08-06T02:59:03.553Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9801
Vulnerability from cvelistv5
Published
2016-12-03 06:28
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spinics.net/lists/linux-bluetooth/msg68892.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/94652 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:59:03.524Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94652", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-03T00:00:00", descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer overflow was observed in \"set_ext_ctrl\" function in \"tools/parser/l2cap.c\" source file when processing corrupted dump file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94652", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9801", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In BlueZ 5.42, a buffer overflow was observed in \"set_ext_ctrl\" function in \"tools/parser/l2cap.c\" source file when processing corrupted dump file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", refsource: "MISC", url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", refsource: "BID", url: "http://www.securityfocus.com/bid/94652", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9801", datePublished: "2016-12-03T06:28:00", dateReserved: "2016-12-03T00:00:00", dateUpdated: "2024-08-06T02:59:03.524Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9797
Vulnerability from cvelistv5
Published
2016-12-03 06:28
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spinics.net/lists/linux-bluetooth/msg68892.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/94652 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:59:03.447Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94652", }, { name: "openSUSE-SU-2019:1476", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-03T00:00:00", descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer over-read was observed in \"l2cap_dump\" function in \"tools/parser/l2cap.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-30T11:06:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94652", }, { name: "openSUSE-SU-2019:1476", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9797", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In BlueZ 5.42, a buffer over-read was observed in \"l2cap_dump\" function in \"tools/parser/l2cap.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", refsource: "MISC", url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", refsource: "BID", url: "http://www.securityfocus.com/bid/94652", }, { name: "openSUSE-SU-2019:1476", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9797", datePublished: "2016-12-03T06:28:00", dateReserved: "2016-12-03T00:00:00", dateUpdated: "2024-08-06T02:59:03.447Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9799
Vulnerability from cvelistv5
Published
2016-12-03 06:28
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spinics.net/lists/linux-bluetooth/msg68898.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/94652 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:59:03.566Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68898.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94652", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-03T00:00:00", descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer overflow was observed in \"pklg_read_hci\" function in \"btsnoop.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68898.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94652", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9799", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In BlueZ 5.42, a buffer overflow was observed in \"pklg_read_hci\" function in \"btsnoop.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.spinics.net/lists/linux-bluetooth/msg68898.html", refsource: "MISC", url: "https://www.spinics.net/lists/linux-bluetooth/msg68898.html", }, { name: "94652", refsource: "BID", url: "http://www.securityfocus.com/bid/94652", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9799", datePublished: "2016-12-03T06:28:00", dateReserved: "2016-12-03T00:00:00", dateUpdated: "2024-08-06T02:59:03.566Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-39177
Vulnerability from cvelistv5
Published
2022-09-02 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:00:42.492Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5481-1", }, { tags: [ "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221020-0002/", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-24T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://ubuntu.com/security/notices/USN-5481-1", }, { url: "https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968", }, { url: "https://security.netapp.com/advisory/ntap-20221020-0002/", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-39177", datePublished: "2022-09-02T00:00:00", dateReserved: "2022-09-02T00:00:00", dateUpdated: "2024-08-03T12:00:42.492Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3637
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2025-04-15 13:24
Severity ?
EPSS score ?
Summary
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:14:03.293Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f", }, { tags: [ "x_transferred", ], url: "https://vuldb.com/?id.211936", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-3637", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-14T17:07:44.889312Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-15T13:24:57.854Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Kernel", vendor: "Linux", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-404", description: "CWE-404 Denial of Service", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-21T00:00:00.000Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f", }, { url: "https://vuldb.com/?id.211936", }, ], title: "Linux Kernel BlueZ jlink.c jlink_init denial of service", x_generator: "vuldb.com", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2022-3637", datePublished: "2022-10-21T00:00:00.000Z", dateReserved: "2022-10-21T00:00:00.000Z", dateUpdated: "2025-04-15T13:24:57.854Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-39176
Vulnerability from cvelistv5
Published
2022-09-02 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:00:42.462Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5481-1", }, { tags: [ "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221020-0002/", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-24T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://ubuntu.com/security/notices/USN-5481-1", }, { url: "https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968", }, { url: "https://security.netapp.com/advisory/ntap-20221020-0002/", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-39176", datePublished: "2022-09-02T00:00:00", dateReserved: "2022-09-02T00:00:00", dateUpdated: "2024-08-03T12:00:42.462Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-24490
Vulnerability from cvelistv5
Published
2021-02-02 21:29
Modified
2024-08-04 15:12
Severity ?
EPSS score ?
Summary
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | BlueZ Advisory |
Version: all Linux kernel versions that support BlueZ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:12:08.713Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BlueZ Advisory", vendor: "n/a", versions: [ { status: "affected", version: "all Linux kernel versions that support BlueZ", }, ], }, ], descriptions: [ { lang: "en", value: "Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.", }, ], problemTypes: [ { descriptions: [ { description: "denial of service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-02T21:29:59", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", ID: "CVE-2020-24490", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BlueZ Advisory", version: { version_data: [ { version_value: "all Linux kernel versions that support BlueZ", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "denial of service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html", refsource: "CONFIRM", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2020-24490", datePublished: "2021-02-02T21:29:59", dateReserved: "2020-08-19T00:00:00", dateUpdated: "2024-08-04T15:12:08.713Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3563
Vulnerability from cvelistv5
Published
2022-10-17 00:00
Modified
2025-04-15 13:27
Severity ?
EPSS score ?
Summary
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:14:01.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e", }, { tags: [ "x_transferred", ], url: "https://vuldb.com/?id.211086", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-3563", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-14T17:08:37.024631Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-15T13:27:03.066Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Kernel", vendor: "Linux", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-404", description: "CWE-404 Denial of Service -> CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-17T00:00:00.000Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e", }, { url: "https://vuldb.com/?id.211086", }, ], title: "Linux Kernel BlueZ mgmt-tester.c read_50_controller_cap_complete null pointer dereference", x_generator: "vuldb.com", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2022-3563", datePublished: "2022-10-17T00:00:00.000Z", dateReserved: "2022-10-17T00:00:00.000Z", dateUpdated: "2025-04-15T13:27:03.066Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51596
Vulnerability from cvelistv5
Published
2024-05-03 02:15
Modified
2024-08-02 22:40
Severity ?
EPSS score ?
Summary
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1902/ | x_research-advisory |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:bluez:bluez:5.66:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bluez", vendor: "bluez", versions: [ { status: "affected", version: "5.66", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-51596", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-30T19:27:08.405069Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:20:29.419Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T22:40:33.961Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ZDI-23-1902", tags: [ "x_research-advisory", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1902/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "BlueZ", vendor: "BlueZ", versions: [ { status: "affected", version: "5.66", }, ], }, ], dateAssigned: "2023-12-20T14:45:49.405-06:00", datePublic: "2023-12-21T18:05:05.106-06:00", descriptions: [ { lang: "en", value: "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T02:15:24.617Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "ZDI-23-1902", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1902/", }, ], source: { lang: "en", value: "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative", }, title: "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2023-51596", datePublished: "2024-05-03T02:15:24.617Z", dateReserved: "2023-12-20T20:38:20.871Z", dateUpdated: "2024-08-02T22:40:33.961Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-8921
Vulnerability from cvelistv5
Published
2021-11-29 00:00
Modified
2024-08-04 21:31
Severity ?
EPSS score ?
Summary
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:31:37.641Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211203-0002/", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-24T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/", }, { url: "https://security.netapp.com/advisory/ntap-20211203-0002/", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-8921", datePublished: "2021-11-29T00:00:00", dateReserved: "2019-02-18T00:00:00", dateUpdated: "2024-08-04T21:31:37.641Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41229
Vulnerability from cvelistv5
Published
2021-11-12 00:00
Modified
2024-08-04 03:08
Severity ?
EPSS score ?
Summary
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:08:31.440Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq", }, { name: "[debian-lts-announce] 20211127 [SECURITY] [DLA 2827-1] bluez security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211203-0004/", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "bluez", vendor: "bluez", versions: [ { status: "affected", version: "= 5.58", }, ], }, ], descriptions: [ { lang: "en", value: "BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-24T00:00:00", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq", }, { name: "[debian-lts-announce] 20211127 [SECURITY] [DLA 2827-1] bluez security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00022.html", }, { url: "https://security.netapp.com/advisory/ntap-20211203-0004/", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], source: { advisory: "GHSA-3fqg-r8j5-f5xq", discovery: "UNKNOWN", }, title: "Memory leak in BlueZ", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-41229", datePublished: "2021-11-12T00:00:00", dateReserved: "2021-09-15T00:00:00", dateUpdated: "2024-08-04T03:08:31.440Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9803
Vulnerability from cvelistv5
Published
2016-12-03 06:28
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spinics.net/lists/linux-bluetooth/msg68892.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/94652 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:59:03.576Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94652", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-03T00:00:00", descriptions: [ { lang: "en", value: "In BlueZ 5.42, an out-of-bounds read was observed in \"le_meta_ev_dump\" function in \"tools/parser/hci.c\" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94652", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9803", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In BlueZ 5.42, an out-of-bounds read was observed in \"le_meta_ev_dump\" function in \"tools/parser/hci.c\" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", refsource: "MISC", url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", refsource: "BID", url: "http://www.securityfocus.com/bid/94652", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9803", datePublished: "2016-12-03T06:28:00", dateReserved: "2016-12-03T00:00:00", dateUpdated: "2024-08-06T02:59:03.576Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51592
Vulnerability from cvelistv5
Published
2024-05-03 02:15
Modified
2024-08-02 22:40
Severity ?
EPSS score ?
Summary
BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20854.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1905/ | x_research-advisory |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:bluez:bluez:5.66:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bluez", vendor: "bluez", versions: [ { status: "affected", version: "5.66", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-51592", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-17T17:28:42.752592Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-30T14:57:56.283Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T22:40:33.821Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ZDI-23-1905", tags: [ "x_research-advisory", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1905/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "BlueZ", vendor: "BlueZ", versions: [ { status: "affected", version: "5.66", }, ], }, ], dateAssigned: "2023-12-20T14:45:49.377-06:00", datePublic: "2023-12-21T18:05:20.533-06:00", descriptions: [ { lang: "en", value: "BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20854.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T02:15:21.536Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "ZDI-23-1905", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1905/", }, ], source: { lang: "en", value: "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative", }, title: "BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2023-51592", datePublished: "2024-05-03T02:15:21.536Z", dateReserved: "2023-12-20T20:38:20.870Z", dateUpdated: "2024-08-02T22:40:33.821Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0129
Vulnerability from cvelistv5
Published
2021-06-09 19:50
Modified
2024-08-03 15:32
Severity ?
EPSS score ?
Summary
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210716-0002/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2021/dsa-4951 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/202209-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:32:09.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { name: "[debian-lts-announce] 20210626 [SECURITY] [DLA 2692-1] bluez security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210716-0002/", }, { name: "DSA-4951", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4951", }, { name: "GLSA-202209-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BlueZ", vendor: "n/a", versions: [ { status: "affected", version: "See references", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.", }, ], problemTypes: [ { descriptions: [ { description: "information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:07:23", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { name: "[debian-lts-announce] 20210626 [SECURITY] [DLA 2692-1] bluez security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210716-0002/", }, { name: "DSA-4951", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4951", }, { name: "GLSA-202209-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", ID: "CVE-2021-0129", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BlueZ", version: { version_data: [ { version_value: "See references", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "information disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html", refsource: "MISC", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { name: "[debian-lts-announce] 20210626 [SECURITY] [DLA 2692-1] bluez security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html", }, { name: "https://security.netapp.com/advisory/ntap-20210716-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210716-0002/", }, { name: "DSA-4951", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4951", }, { name: "GLSA-202209-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2021-0129", datePublished: "2021-06-09T19:50:59", dateReserved: "2020-10-22T00:00:00", dateUpdated: "2024-08-03T15:32:09.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-0204
Vulnerability from cvelistv5
Published
2022-03-09 00:00
Modified
2024-08-02 23:18
Severity ?
EPSS score ?
Summary
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:18:42.545Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039807", }, { tags: [ "x_transferred", ], url: "https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q", }, { tags: [ "x_transferred", ], url: "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0", }, { name: "GLSA-202209-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-16", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "bluez", vendor: "n/a", versions: [ { status: "affected", version: "bluez versions prior to 5.63", }, ], }, ], descriptions: [ { lang: "en", value: "A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-24T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039807", }, { url: "https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q", }, { url: "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0", }, { name: "GLSA-202209-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202209-16", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-0204", datePublished: "2022-03-09T00:00:00", dateReserved: "2022-01-12T00:00:00", dateUpdated: "2024-08-02T23:18:42.545Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9917
Vulnerability from cvelistv5
Published
2016-12-08 08:08
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spinics.net/lists/linux-bluetooth/msg68892.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/95013 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:07:31.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "95013", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95013", }, { name: "openSUSE-SU-2019:1476", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-08T00:00:00", descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer overflow was observed in \"read_n\" function in \"tools/hcidump.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-30T11:06:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "95013", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95013", }, { name: "openSUSE-SU-2019:1476", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9917", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In BlueZ 5.42, a buffer overflow was observed in \"read_n\" function in \"tools/hcidump.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", refsource: "MISC", url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "95013", refsource: "BID", url: "http://www.securityfocus.com/bid/95013", }, { name: "openSUSE-SU-2019:1476", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9917", datePublished: "2016-12-08T08:08:00", dateReserved: "2016-12-08T00:00:00", dateUpdated: "2024-08-06T03:07:31.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-8922
Vulnerability from cvelistv5
Published
2021-11-29 00:00
Modified
2024-08-04 21:31
Severity ?
EPSS score ?
Summary
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:31:37.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211203-0002/", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-24T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/", }, { url: "https://security.netapp.com/advisory/ntap-20211203-0002/", }, { name: "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-8922", datePublished: "2021-11-29T00:00:00", dateReserved: "2019-02-18T00:00:00", dateUpdated: "2024-08-04T21:31:37.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9800
Vulnerability from cvelistv5
Published
2016-12-03 06:28
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spinics.net/lists/linux-bluetooth/msg68892.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/94652 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:59:03.441Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94652", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-03T00:00:00", descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer overflow was observed in \"pin_code_reply_dump\" function in \"tools/parser/hci.c\" source file. The issue exists because \"pin\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"pin_code_reply_cp *cp\" parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94652", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9800", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In BlueZ 5.42, a buffer overflow was observed in \"pin_code_reply_dump\" function in \"tools/parser/hci.c\" source file. The issue exists because \"pin\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"pin_code_reply_cp *cp\" parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", refsource: "MISC", url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", refsource: "BID", url: "http://www.securityfocus.com/bid/94652", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9800", datePublished: "2016-12-03T06:28:00", dateReserved: "2016-12-03T00:00:00", dateUpdated: "2024-08-06T02:59:03.441Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1000250
Vulnerability from cvelistv5
Published
2017-09-12 17:00
Modified
2024-08-05 22:00
Severity ?
EPSS score ?
Summary
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/vulnerabilities/blueborne | x_refsource_CONFIRM | |
| https://www.armis.com/blueborne | x_refsource_MISC | |
| http://www.debian.org/security/2017/dsa-3972 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100814 | vdb-entry, x_refsource_BID | |
| http://nvidia.custhelp.com/app/answers/detail/a_id/4561 | x_refsource_CONFIRM | |
| https://www.kb.cert.org/vuls/id/240311 | third-party-advisory, x_refsource_CERT-VN | |
| https://access.redhat.com/errata/RHSA-2017:2685 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:00:39.877Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/security/vulnerabilities/blueborne", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.armis.com/blueborne", }, { name: "DSA-3972", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3972", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne", }, { name: "100814", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100814", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { name: "VU#240311", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/240311", }, { name: "RHSA-2017:2685", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2685", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2017-09-08T00:00:00", datePublic: "2017-09-12T00:00:00", descriptions: [ { lang: "en", value: "All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-02-16T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/security/vulnerabilities/blueborne", }, { tags: [ "x_refsource_MISC", ], url: "https://www.armis.com/blueborne", }, { name: "DSA-3972", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3972", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne", }, { name: "100814", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100814", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { name: "VU#240311", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/240311", }, { name: "RHSA-2017:2685", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2685", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "2017-09-08", ID: "CVE-2017-1000250", REQUESTER: "security@armis.com", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://access.redhat.com/security/vulnerabilities/blueborne", refsource: "CONFIRM", url: "https://access.redhat.com/security/vulnerabilities/blueborne", }, { name: "https://www.armis.com/blueborne", refsource: "MISC", url: "https://www.armis.com/blueborne", }, { name: "DSA-3972", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3972", }, { name: "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne", refsource: "CONFIRM", url: "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne", }, { name: "100814", refsource: "BID", url: "http://www.securityfocus.com/bid/100814", }, { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { name: "VU#240311", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/240311", }, { name: "RHSA-2017:2685", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2685", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-1000250", datePublished: "2017-09-12T17:00:00", dateReserved: "2017-09-12T00:00:00", dateUpdated: "2024-08-05T22:00:39.877Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44431
Vulnerability from cvelistv5
Published
2024-05-03 02:13
Modified
2024-08-02 20:07
Severity ?
EPSS score ?
Summary
BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19909.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1900/ | x_research-advisory |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:bluez:bluez:5.66:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bluez", vendor: "bluez", versions: [ { status: "affected", version: "5.66", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-44431", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-03T20:42:18.336421Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:19:31.989Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T20:07:33.101Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ZDI-23-1900", tags: [ "x_research-advisory", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1900/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "BlueZ", vendor: "BlueZ", versions: [ { status: "affected", version: "5.66", }, ], }, ], dateAssigned: "2023-09-28T13:14:48.263-05:00", datePublic: "2023-12-21T18:04:52.763-06:00", descriptions: [ { lang: "en", value: "BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19909.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T02:13:57.617Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "ZDI-23-1900", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1900/", }, ], source: { lang: "en", value: "Anonymous", }, title: "BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2023-44431", datePublished: "2024-05-03T02:13:57.617Z", dateReserved: "2023-09-28T18:02:49.772Z", dateUpdated: "2024-08-02T20:07:33.101Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-50229
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20936.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1811/ | x_research-advisory | |
| https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443 | vendor-advisory |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:bluez:bluez:5.66:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bluez", vendor: "bluez", versions: [ { status: "affected", version: "5.66", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-50229", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-05T14:55:35.245262Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-05T14:57:12.121Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T22:09:49.678Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ZDI-23-1811", tags: [ "x_research-advisory", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1811/", }, { name: "vendor-provided URL", tags: [ "vendor-advisory", "x_transferred", ], url: "https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "BlueZ", vendor: "BlueZ", versions: [ { status: "affected", version: "5.66", }, ], }, ], dateAssigned: "2023-12-05T13:37:59.726-06:00", datePublic: "2023-12-20T03:54:59.369-06:00", descriptions: [ { lang: "en", value: "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20936.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T02:14:46.646Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "ZDI-23-1811", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1811/", }, { name: "vendor-provided URL", tags: [ "vendor-advisory", ], url: "https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443", }, ], source: { lang: "en", value: "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative", }, title: "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2023-50229", datePublished: "2024-05-03T02:14:46.646Z", dateReserved: "2023-12-05T16:15:17.545Z", dateUpdated: "2024-08-02T22:09:49.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8805
Vulnerability from cvelistv5
Published
2024-11-22 21:02
Modified
2024-12-05 14:42
Severity ?
EPSS score ?
Summary
BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1229/ | x_research-advisory |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:bluez:bluez:5.77:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bluez", vendor: "bluez", versions: [ { status: "affected", version: "5.77", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8805", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-26T15:15:28.447300Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-05T14:42:11.502Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "BlueZ", vendor: "BlueZ", versions: [ { status: "affected", version: "5.77", }, ], }, ], dateAssigned: "2024-09-13T12:57:29.700-05:00", datePublic: "2024-09-17T11:05:38.915-05:00", descriptions: [ { lang: "en", value: "BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177.", }, ], metrics: [ { cvssV3_0: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-22T21:02:52.231Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "ZDI-24-1229", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-24-1229/", }, ], source: { lang: "en", value: "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]", }, title: "BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2024-8805", datePublished: "2024-11-22T21:02:52.231Z", dateReserved: "2024-09-13T17:57:29.617Z", dateUpdated: "2024-12-05T14:42:11.502Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9798
Vulnerability from cvelistv5
Published
2016-12-03 06:28
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spinics.net/lists/linux-bluetooth/msg68892.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/94652 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00071.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00072.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:59:03.587Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94652", }, { name: "openSUSE-SU-2019:1476", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, { name: "openSUSE-SU-2019:2585", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00071.html", }, { name: "openSUSE-SU-2019:2588", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00072.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-03T00:00:00", descriptions: [ { lang: "en", value: "In BlueZ 5.42, a use-after-free was identified in \"conf_opt\" function in \"tools/parser/l2cap.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-30T21:06:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94652", }, { name: "openSUSE-SU-2019:1476", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, { name: "openSUSE-SU-2019:2585", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00071.html", }, { name: "openSUSE-SU-2019:2588", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00072.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9798", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In BlueZ 5.42, a use-after-free was identified in \"conf_opt\" function in \"tools/parser/l2cap.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", refsource: "MISC", url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { name: "94652", refsource: "BID", url: "http://www.securityfocus.com/bid/94652", }, { name: "openSUSE-SU-2019:1476", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, { name: "openSUSE-SU-2019:2585", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00071.html", }, { name: "openSUSE-SU-2019:2588", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00072.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9798", datePublished: "2016-12-03T06:28:00", dateReserved: "2016-12-03T00:00:00", dateUpdated: "2024-08-06T02:59:03.587Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-0556
Vulnerability from cvelistv5
Published
2020-03-12 20:47
Modified
2024-08-04 06:02
Severity ?
EPSS score ?
Summary
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202003-49 | vendor-advisory, x_refsource_GENTOO | |
| https://www.debian.org/security/2020/dsa-4647 | vendor-advisory, x_refsource_DEBIAN | |
| https://usn.ubuntu.com/4311-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html | vendor-advisory, x_refsource_SUSE | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:02:52.334Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html", }, { name: "GLSA-202003-49", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-49", }, { name: "DSA-4647", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4647", }, { name: "USN-4311-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4311-1/", }, { name: "openSUSE-SU-2020:0479", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2240-1] bluez security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html", }, { name: "openSUSE-SU-2020:0872", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BlueZ", vendor: "Intel", versions: [ { status: "affected", version: "5.54", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access", }, ], problemTypes: [ { descriptions: [ { description: "Escalation of Privilege, Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-26T20:06:08", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html", }, { name: "GLSA-202003-49", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-49", }, { name: "DSA-4647", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4647", }, { name: "USN-4311-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4311-1/", }, { name: "openSUSE-SU-2020:0479", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2240-1] bluez security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html", }, { name: "openSUSE-SU-2020:0872", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", ID: "CVE-2020-0556", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BlueZ", version: { version_data: [ { version_value: "5.54", }, ], }, }, ], }, vendor_name: "Intel", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Escalation of Privilege, Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html", refsource: "CONFIRM", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html", }, { name: "GLSA-202003-49", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-49", }, { name: "DSA-4647", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4647", }, { name: "USN-4311-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4311-1/", }, { name: "openSUSE-SU-2020:0479", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2240-1] bluez security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html", }, { name: "openSUSE-SU-2020:0872", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2020-0556", datePublished: "2020-03-12T20:47:26", dateReserved: "2019-10-28T00:00:00", dateUpdated: "2024-08-04T06:02:52.334Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12352
Vulnerability from cvelistv5
Published
2020-11-23 16:15
Modified
2024-08-04 11:56
Severity ?
EPSS score ?
Summary
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:56:51.413Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BlueZ", vendor: "n/a", versions: [ { status: "affected", version: "See references", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.", }, ], problemTypes: [ { descriptions: [ { description: "information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-08T15:06:21", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", ID: "CVE-2020-12352", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BlueZ", version: { version_data: [ { version_value: "See references", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "information disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351", refsource: "MISC", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351", }, { name: "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", }, { name: "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2020-12352", datePublished: "2020-11-23T16:15:54", dateReserved: "2020-04-28T00:00:00", dateUpdated: "2024-08-04T11:56:51.413Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51594
Vulnerability from cvelistv5
Published
2024-05-03 02:15
Modified
2024-08-02 22:40
Severity ?
EPSS score ?
Summary
BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20937.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1901/ | x_research-advisory |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:bluez:bluez:5.66:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bluez", vendor: "bluez", versions: [ { status: "affected", version: "5.66", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-51594", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-03T18:45:09.759899Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:20:40.165Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T22:40:33.876Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ZDI-23-1901", tags: [ "x_research-advisory", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1901/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "BlueZ", vendor: "BlueZ", versions: [ { status: "affected", version: "5.66", }, ], }, ], dateAssigned: "2023-12-20T14:45:49.391-06:00", datePublic: "2023-12-21T18:05:00.340-06:00", descriptions: [ { lang: "en", value: "BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20937.", }, ], metrics: [ { cvssV3_0: { baseScore: 2.6, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T02:15:23.058Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "ZDI-23-1901", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1901/", }, ], source: { lang: "en", value: "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative", }, title: "BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2023-51594", datePublished: "2024-05-03T02:15:23.058Z", dateReserved: "2023-12-20T20:38:20.870Z", dateUpdated: "2024-08-02T22:40:33.876Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10910
Vulnerability from cvelistv5
Published
2019-01-28 15:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/3856-1/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Bluez Project | bluez |
Version: before 5.51 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:35.295Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910", }, { name: "USN-3856-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3856-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "bluez", vendor: "The Bluez Project", versions: [ { status: "affected", version: "before 5.51", }, ], }, ], datePublic: "2019-01-28T00:00:00", descriptions: [ { lang: "en", value: "A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-29T10:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910", }, { name: "USN-3856-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3856-1/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-10910", datePublished: "2019-01-28T15:00:00", dateReserved: "2018-05-09T00:00:00", dateUpdated: "2024-08-05T07:54:35.295Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-50230
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1812/ | x_research-advisory | |
| https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443 | vendor-advisory |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:bluez:bluez:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bluez", vendor: "bluez", versions: [ { status: "affected", version: "5.66", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-50230", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-03T20:56:16.702257Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:17:41.300Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T22:09:49.804Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ZDI-23-1812", tags: [ "x_research-advisory", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1812/", }, { name: "vendor-provided URL", tags: [ "vendor-advisory", "x_transferred", ], url: "https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "BlueZ", vendor: "BlueZ", versions: [ { status: "affected", version: "5.66", }, ], }, ], dateAssigned: "2023-12-05T13:37:59.732-06:00", datePublic: "2023-12-20T03:55:28.806-06:00", descriptions: [ { lang: "en", value: "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T02:14:47.428Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "ZDI-23-1812", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1812/", }, { name: "vendor-provided URL", tags: [ "vendor-advisory", ], url: "https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443", }, ], source: { lang: "en", value: "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative", }, title: "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2023-50230", datePublished: "2024-05-03T02:14:47.428Z", dateReserved: "2023-12-05T16:15:17.545Z", dateUpdated: "2024-08-02T22:09:49.804Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51589
Vulnerability from cvelistv5
Published
2024-05-03 02:15
Modified
2024-08-02 22:40
Severity ?
EPSS score ?
Summary
BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20853.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1904/ | x_research-advisory |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:bluez:bluez:5.66:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bluez", vendor: "bluez", versions: [ { status: "affected", version: "5.66", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-51589", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-05T14:26:53.760124Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-05T14:38:14.354Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T22:40:33.852Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ZDI-23-1904", tags: [ "x_research-advisory", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1904/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "BlueZ", vendor: "BlueZ", versions: [ { status: "affected", version: "5.66", }, ], }, ], dateAssigned: "2023-12-20T14:45:49.357-06:00", datePublic: "2023-12-21T18:05:15.297-06:00", descriptions: [ { lang: "en", value: "BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20853.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T02:15:19.369Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "ZDI-23-1904", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1904/", }, ], source: { lang: "en", value: "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative", }, title: "BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2023-51589", datePublished: "2024-05-03T02:15:19.369Z", dateReserved: "2023-12-20T20:38:20.870Z", dateUpdated: "2024-08-02T22:40:33.852Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3588
Vulnerability from cvelistv5
Published
2021-06-10 02:30
Modified
2024-09-16 23:37
Severity ?
EPSS score ?
Summary
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/bluez/bluez/issues/70 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202209-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:01:07.293Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/bluez/bluez/issues/70", }, { name: "GLSA-202209-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BlueZ", vendor: "BlueZ", versions: [ { lessThan: "5.56", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2021-06-09T00:00:00", descriptions: [ { lang: "en", value: "The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-788", description: "CWE-788 Access of Memory Location After End of Buffer", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:07:27", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/bluez/bluez/issues/70", }, { name: "GLSA-202209-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-16", }, ], solutions: [ { lang: "en", value: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/src/gatt-database.c?id=6a50b6aeda78a88eafb177718109c256eec077a6", }, ], source: { defect: [ "https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548", ], discovery: "EXTERNAL", }, title: "memory contents disclosure in cli_feat_read_cb", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@ubuntu.com", DATE_PUBLIC: "2021-06-09T00:00:00.000Z", ID: "CVE-2021-3588", STATE: "PUBLIC", TITLE: "memory contents disclosure in cli_feat_read_cb", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BlueZ", version: { version_data: [ { version_affected: "<", version_value: "5.56", }, ], }, }, ], }, vendor_name: "BlueZ", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-788 Access of Memory Location After End of Buffer", }, ], }, { description: [ { lang: "eng", value: "CWE-125 Out-of-bounds Read", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/bluez/bluez/issues/70", refsource: "MISC", url: "https://github.com/bluez/bluez/issues/70", }, { name: "GLSA-202209-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-16", }, ], }, solution: [ { lang: "en", value: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/src/gatt-database.c?id=6a50b6aeda78a88eafb177718109c256eec077a6", }, ], source: { defect: [ "https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548", ], discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2021-3588", datePublished: "2021-06-10T02:30:11.654259Z", dateReserved: "2021-06-08T00:00:00", dateUpdated: "2024-09-16T23:37:02.790Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-27153
Vulnerability from cvelistv5
Published
2020-10-15 02:53
Modified
2024-08-04 16:11
Severity ?
EPSS score ?
Summary
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07 | x_refsource_MISC | |
| https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1884817 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202011-01 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html | vendor-advisory, x_refsource_SUSE | |
| https://www.debian.org/security/2021/dsa-4951 | vendor-advisory, x_refsource_DEBIAN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:11:35.730Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1884817", }, { name: "[debian-lts-announce] 20201021 [SECURITY] [DLA 2410-1] bluez security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html", }, { name: "GLSA-202011-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202011-01", }, { name: "openSUSE-SU-2020:1876", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html", }, { name: "openSUSE-SU-2020:1880", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html", }, { name: "DSA-4951", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4951", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-07T22:06:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1884817", }, { name: "[debian-lts-announce] 20201021 [SECURITY] [DLA 2410-1] bluez security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html", }, { name: "GLSA-202011-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202011-01", }, { name: "openSUSE-SU-2020:1876", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html", }, { name: "openSUSE-SU-2020:1880", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html", }, { name: "DSA-4951", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4951", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-27153", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07", refsource: "MISC", url: "https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07", }, { name: "https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a", refsource: "MISC", url: "https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1884817", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1884817", }, { name: "[debian-lts-announce] 20201021 [SECURITY] [DLA 2410-1] bluez security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html", }, { name: "GLSA-202011-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202011-01", }, { name: "openSUSE-SU-2020:1876", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html", }, { name: "openSUSE-SU-2020:1880", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html", }, { name: "DSA-4951", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4951", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-27153", datePublished: "2020-10-15T02:53:27", dateReserved: "2020-10-15T00:00:00", dateUpdated: "2024-08-04T16:11:35.730Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27349
Vulnerability from cvelistv5
Published
2024-05-03 01:56
Modified
2025-02-13 16:45
Severity ?
EPSS score ?
Summary
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:bluez:bluez:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bluez", vendor: "bluez", versions: [ { status: "affected", version: "-", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-27349", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-16T17:38:51.426068Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:24:49.193Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T12:09:43.408Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ZDI-23-386", tags: [ "x_research-advisory", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-386/", }, { name: "vendor-provided URL", tags: [ "vendor-advisory", "x_transferred", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/05/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "BlueZ", vendor: "BlueZ", versions: [ { status: "affected", version: "5.66", }, ], }, ], dateAssigned: "2023-02-28T18:05:54.030Z", datePublic: "2023-04-12T15:01:03.453Z", descriptions: [ { lang: "en", value: "BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908.", }, ], metrics: [ { cvssV3_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-10T16:12:55.458Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "ZDI-23-386", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-386/", }, { name: "vendor-provided URL", tags: [ "vendor-advisory", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9", }, { url: "https://lists.debian.org/debian-lts-announce/2024/05/msg00015.html", }, ], source: { lang: "en", value: "Michael Randrianantenaina (https://elkamika.blogspot.com/)", }, title: "BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2023-27349", datePublished: "2024-05-03T01:56:08.230Z", dateReserved: "2023-02-28T17:58:45.480Z", dateUpdated: "2025-02-13T16:45:22.212Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-7837
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 02:04
Severity ?
EPSS score ?
Summary
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN38755305/index.html | third-party-advisory, x_refsource_JVN | |
| https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95067 | vdb-entry, x_refsource_BID | |
| https://usn.ubuntu.com/4311-1/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlueZ Project | BlueZ |
Version: 5.41 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:04:56.096Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVN#38755305", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN38755305/index.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601", }, { name: "95067", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95067", }, { name: "USN-4311-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4311-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BlueZ", vendor: "BlueZ Project", versions: [ { status: "affected", version: "5.41 and earlier", }, ], }, ], datePublic: "2016-12-22T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.", }, ], problemTypes: [ { descriptions: [ { description: "Buffer Overflow", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-02T23:06:04", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVN#38755305", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "https://jvn.jp/en/jp/JVN38755305/index.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601", }, { name: "95067", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95067", }, { name: "USN-4311-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4311-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2016-7837", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BlueZ", version: { version_data: [ { version_value: "5.41 and earlier", }, ], }, }, ], }, vendor_name: "BlueZ Project", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "JVN#38755305", refsource: "JVN", url: "https://jvn.jp/en/jp/JVN38755305/index.html", }, { name: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601", refsource: "CONFIRM", url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601", }, { name: "95067", refsource: "BID", url: "http://www.securityfocus.com/bid/95067", }, { name: "USN-4311-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4311-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2016-7837", datePublished: "2017-06-09T16:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-06T02:04:56.096Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-11-29 08:15
Modified
2024-11-21 04:50
Severity ?
Summary
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20211203-0002/ | Third Party Advisory | |
| cve@mitre.org | https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/ | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211203-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/ | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | * | |
| linux | linux_kernel | - | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "B46FC6F0-636B-46F4-815C-61DC2A543CBB", versionEndIncluding: "5.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.", }, { lang: "es", value: "Se ha detectado un problema en bluetoothd en BlueZ versiones hasta 5.48. La vulnerabilidad reside en el manejo de un SVC_ATTR_REQ por parte de la implementación del SDP. Si se diseña un CSTATE malicioso, es posible engañar al servidor para que devuelva más bytes de los que realmente contiene el búfer, lo que da lugar a una fuga de datos arbitraria del montón. La causa principal se encuentra en la función service_attr_req del archivo sdpd-request.c. El servidor no comprueba si los datos CSTATE son los mismos en peticiones consecutivas, y en su lugar simplemente confía en que son los mismos", }, ], id: "CVE-2019-8921", lastModified: "2024-11-21T04:50:39.660", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-29T08:15:07.573", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211203-0002/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211203-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-345", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-02 23:15
Modified
2024-11-21 06:22
Severity ?
Summary
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | * | |
| fedoraproject | fedora | 34 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "CB308421-876D-46FA-8DC3-A1EFA7AE3604", versionEndExcluding: "5.61", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.", }, { lang: "es", value: "bluetoothd de bluez guarda incorrectamente el estado Discoverable de los adaptadores cuando es apagado un dispositivo, y lo restaura cuando es encendido. Si un dispositivo es apagado mientras es detectado, será detectado cuando es encendido de nuevo. Esto podría conllevar a una exposición inadvertida de la pila bluetooth a atacantes físicamente cercanos", }, ], id: "CVE-2021-3658", lastModified: "2024-11-21T06:22:05.527", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-02T23:15:08.787", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1984728", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220407-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1984728", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220407-0002/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-03 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.spinics.net/lists/linux-bluetooth/msg68892.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spinics.net/lists/linux-bluetooth/msg68892.html | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:*", matchCriteriaId: "196663D8-4181-4806-9944-0C60F9402CCA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer overflow was observed in \"pin_code_reply_dump\" function in \"tools/parser/hci.c\" source file. The issue exists because \"pin\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"pin_code_reply_cp *cp\" parameter.", }, { lang: "es", value: "En BlueZ 5.42, se ha observado un desbordamiento de búfer en la función \"pin_code_reply_dump\" en la fuente de archivo \"tools/parser/hci.c\". El problema existe debido a que el \"pin\" se desborda por el parámetro subministrado debido a la falta de controles de límites en el tamaño del búfer del parámetro frame \"pin_code_reply_cp * cp\".", }, ], id: "CVE-2016-9800", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-03T06:59:05.137", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 21:15
Modified
2024-11-21 04:53
Severity ?
Summary
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "D3432F11-C861-4C2C-A782-2D7EF7AA8E20", versionEndExcluding: "5.54", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access", }, { lang: "es", value: "El control de acceso incorrecto en el subsistema para BlueZ anterior a la versión 5.54 puede permitir que un usuario no autenticado permita potencialmente la escalada de privilegios y la denegación de servicio a través del acceso adyacente", }, ], id: "CVE-2020-0556", lastModified: "2024-11-21T04:53:45.230", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-12T21:15:14.157", references: [ { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-49", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4311-1/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4647", }, { source: "secure@intel.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-49", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4311-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4647", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html", }, ], sourceIdentifier: "secure@intel.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-03 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:*", matchCriteriaId: "196663D8-4181-4806-9944-0C60F9402CCA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In BlueZ 5.42, a use-after-free was identified in \"conf_opt\" function in \"tools/parser/l2cap.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.", }, { lang: "es", value: "En BlueZ 5.42, se ha identificado una liberación de memoria después de uso en la función \"conf_opt\" en la fuente de programa \"tools/parser/l2cap.c\". Este problema puede ser desencadenado procesando un archivo de volcado corrupto que resulta en una caída de hcidump.", }, ], id: "CVE-2016-9798", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-03T06:59:02.887", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00071.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00072.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00071.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00072.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-03 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.spinics.net/lists/linux-bluetooth/msg68892.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spinics.net/lists/linux-bluetooth/msg68892.html | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:*", matchCriteriaId: "196663D8-4181-4806-9944-0C60F9402CCA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer overflow was observed in \"commands_dump\" function in \"tools/parser/csr.c\" source file. The issue exists because \"commands\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"frm->ptr\" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.", }, { lang: "es", value: "En BlueZ 5.42, se ha observado un desbordamiento de búfer en la función \"commands_dump\" en la fuente de archivo \"tools/parser/csr.c\". El problema existe porque la cadena \"commands\" desborda por el parámetro subministrado debido a la falta de controles de límites en el tamaño del búfer del parámetro frame \"frm->ptr\". Este problema puede ser desencadenado procesando un archivo de volcado corrupto y resulta en una caída de hcidump.", }, ], id: "CVE-2016-9804", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-03T06:59:09.513", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-23 17:15
Modified
2024-11-21 04:59
Severity ?
Summary
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@intel.com | http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html | Exploit, Third Party Advisory, VDB Entry | |
| secure@intel.com | http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html | Third Party Advisory, VDB Entry | |
| secure@intel.com | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| bluez | bluez | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C80C1FD8-F215-4D0F-BEE9-19828D469E40", versionEndExcluding: "5.4.72", versionStartIncluding: "5.4", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "7BDBCEEC-9FE9-443E-9390-A4482628E1A2", versionEndExcluding: "5.8.16", versionStartIncluding: "5.8.0", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "495DCAB3-4E54-4834-B819-24D7DE5080E3", versionEndIncluding: "5.9.13", versionStartIncluding: "5.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "44048534-EE46-4AEE-B776-33273C37B1E6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.", }, { lang: "es", value: "Un control de acceso inapropiado en BlueZ puede permitir a un usuario no autenticado habilitar potencialmente una divulgación de información por medio de un acceso adyacente", }, ], id: "CVE-2020-12352", lastModified: "2024-11-21T04:59:33.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-23T17:15:12.313", references: [ { source: "secure@intel.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351", }, ], sourceIdentifier: "secure@intel.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-909", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-03 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.spinics.net/lists/linux-bluetooth/msg68898.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spinics.net/lists/linux-bluetooth/msg68898.html | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:*", matchCriteriaId: "196663D8-4181-4806-9944-0C60F9402CCA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer overflow was observed in \"pklg_read_hci\" function in \"btsnoop.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.", }, { lang: "es", value: "En BlueZ 5.42, se ha observado un desbordamiento de búfer en la función \"pklg_read_hci\" en la fuente de archivo \"btsnoop.c\". Este problema puede ser desencadenado procesando un archivo de volcado corrupto que resulta en una caída de btmon.", }, ], id: "CVE-2016-9799", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-03T06:59:04.013", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68898.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68898.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-03 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.spinics.net/lists/linux-bluetooth/msg68892.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spinics.net/lists/linux-bluetooth/msg68892.html | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:*", matchCriteriaId: "196663D8-4181-4806-9944-0C60F9402CCA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer overflow was observed in \"set_ext_ctrl\" function in \"tools/parser/l2cap.c\" source file when processing corrupted dump file.", }, { lang: "es", value: "En BlueZ 5.42, se ha observado un desbordamiento de búfer en la función \"set_ext_ctrl\" en la fuente de archivo \"tools/parser/l2cap.c\" cuando procesa un archivo de volcado corrupto.", }, ], id: "CVE-2016-9801", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-03T06:59:06.417", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-10 17:44
Modified
2024-11-21 06:38
Severity ?
Summary
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | * | |
| fedoraproject | fedora | 35 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "92791467-35A3-4E92-AEDC-1E3751013EE8", versionEndExcluding: "5.63", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.", }, { lang: "es", value: "Se encontró una vulnerabilidad de desbordamiento de pila en bluez en versiones anteriores a la 5.63. Un atacante con acceso a la red local podría pasar archivos especialmente diseñados causando a una aplicación detenerse o bloquearse, conllevando a una denegación de servicio", }, ], id: "CVE-2022-0204", lastModified: "2024-11-21T06:38:08.037", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-10T17:44:55.230", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039807", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039807", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-16", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-12 23:15
Modified
2024-11-21 06:25
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | 5.58 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:5.58:*:*:*:*:*:*:*", matchCriteriaId: "FAC3D39C-463E-43DD-A4F9-1957F4183606", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.", }, { lang: "es", value: "BlueZ es una pila de protocolos Bluetooth para Linux. En las versiones afectadas se presenta una vulnerabilidad en la función sdp_cstate_alloc_buf que asigna memoria que siempre quedará colgada en la lista enlazada de cstates y no será liberada. Esto causará una pérdida de memoria con el tiempo. Los datos pueden ser un objeto muy grande, lo que puede ser causado por un atacante que envía continuamente paquetes sdp y esto puede causar el bloqueo del servicio del dispositivo de destino", }, ], id: "CVE-2021-41229", lastModified: "2024-11-21T06:25:50.123", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-12T23:15:08.857", references: [ { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00022.html", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211203-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211203-0004/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-10 03:15
Modified
2024-11-21 06:21
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://github.com/bluez/bluez/issues/70 | Exploit, Patch, Third Party Advisory | |
| security@ubuntu.com | https://security.gentoo.org/glsa/202209-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bluez/bluez/issues/70 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202209-16 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "75456FDD-9DF3-44A6-8399-7B5947C2E850", versionEndExcluding: "5.56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.", }, { lang: "es", value: "La función cli_feat_read_cb() en src/gatt-database.c no realiza comprobaciones de límites en la variable 'offset' antes de utilizarla como índice en un array para su lectura", }, ], id: "CVE-2021-3588", lastModified: "2024-11-21T06:21:54.823", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "security@ubuntu.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-10T03:15:07.477", references: [ { source: "security@ubuntu.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/issues/70", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/issues/70", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-16", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-788", }, ], source: "security@ubuntu.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-03 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.spinics.net/lists/linux-bluetooth/msg68892.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spinics.net/lists/linux-bluetooth/msg68892.html | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:*", matchCriteriaId: "196663D8-4181-4806-9944-0C60F9402CCA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer over-read was observed in \"l2cap_dump\" function in \"tools/parser/l2cap.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.", }, { lang: "es", value: "En BlueZ 5.42, se ha observado una sobrelectura de búfer en la función \"l2cap_dump\" en la fuente de archivo \"tools/parser/l2cap.c\". Este problema puede ser desencadenado procesando un archivo de volcado corrupto y resulta en una caída de hcidump.", }, ], id: "CVE-2016-9797", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-03T06:59:01.747", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-06-09 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/95067 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601 | Patch, Third Party Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN38755305/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://usn.ubuntu.com/4311-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95067 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN38755305/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4311-1/ |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "72A099E5-13B3-49FB-9DD9-801BD11156BC", versionEndIncluding: "5.41", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.", }, { lang: "es", value: "Ddesbordamiento de búfer en BlueZ 5.41 y versiones anteriores, permite a un atacante ejecutar código arbitrario a través de la función parse_line utilizada en algunas utilidades de userland.", }, ], id: "CVE-2016-7837", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-09T16:29:01.297", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95067", }, { source: "vultures@jpcert.or.jp", tags: [ "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN38755305/index.html", }, { source: "vultures@jpcert.or.jp", url: "https://usn.ubuntu.com/4311-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://jvn.jp/en/jp/JVN38755305/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4311-1/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-28 15:29
Modified
2024-11-21 03:42
Severity ?
4.5 (Medium) - CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://usn.ubuntu.com/3856-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3856-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | * | |
| canonical | ubuntu_linux | 18.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "C76AC61F-7418-452A-B2C0-2BF53A1CB4D1", versionEndExcluding: "5.51", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.", }, { lang: "es", value: "Un fallo en Bluez podría permitir al estado \"Bluetooth Disponible\" establecerse en \"activo\" cuando no hay ningún agente Bluetooth registrado con el sistema. Esto podría provocar el emparejamiento no autorizado de determinados dispositivos Bluetooth sin ningún tipo de autenticación. Las versiones de Bluez anteriores a la 5.51 son vulnerables.", }, ], id: "CVE-2018-10910", lastModified: "2024-11-21T03:42:16.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 1, impactScore: 3.4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-28T15:29:00.230", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3856-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3856-1/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-02 04:15
Modified
2024-11-21 07:17
Severity ?
Summary
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20221020-0002/ | Third Party Advisory | |
| cve@mitre.org | https://ubuntu.com/security/notices/USN-5481-1 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221020-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5481-1 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "8207A8CC-FF6D-44A1-B3A1-197B3568161F", versionEndExcluding: "5.59", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.", }, { lang: "es", value: "BlueZ versiones anteriores a 5.59, permite a atacantes físicamente próximos causar una denegación de servicio porque pueden procesarse capacidades malformadas e inválidas en el archivo profiles/audio/avdtp.c", }, ], id: "CVE-2022-39177", lastModified: "2024-11-21T07:17:43.397", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-02T04:15:11.477", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221020-0002/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://ubuntu.com/security/notices/USN-5481-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221020-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://ubuntu.com/security/notices/USN-5481-1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-02 04:15
Modified
2024-11-21 07:17
Severity ?
Summary
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20221020-0002/ | Third Party Advisory | |
| cve@mitre.org | https://ubuntu.com/security/notices/USN-5481-1 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221020-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5481-1 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "8207A8CC-FF6D-44A1-B3A1-197B3568161F", versionEndExcluding: "5.59", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.", }, { lang: "es", value: "BlueZ versiones anteriores a 5.59, permite a atacantes físicamente próximos obtener información confidencial porque el archivo profiles/audio/avrcp.c no comprueba params_len", }, ], id: "CVE-2022-39176", lastModified: "2024-11-21T07:17:43.200", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-02T04:15:11.427", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221020-0002/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://ubuntu.com/security/notices/USN-5481-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221020-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://ubuntu.com/security/notices/USN-5481-1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-22 21:15
Modified
2024-12-20 18:05
Severity ?
Summary
BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-1229/ | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:5.77:*:*:*:*:*:*:*", matchCriteriaId: "55E1D2F1-2073-4451-8D1A-A60DDD0E2ABD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177.", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en el control de acceso inadecuado del perfil HID sobre GATT de BlueZ. Esta vulnerabilidad permite a los atacantes adyacentes a la red ejecutar código arbitrario en las instalaciones afectadas de BlueZ. No se requiere autenticación para explotar esta vulnerabilidad. La falla específica existe dentro de la implementación del perfil HID sobre GATT. El problema es el resultado de la falta de autorización antes de permitir el acceso a la funcionalidad. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto del usuario actual. Era ZDI-CAN-25177.", }, ], id: "CVE-2024-8805", lastModified: "2024-12-20T18:05:47.173", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-11-22T21:15:18.660", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-24-1229/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-29 08:15
Modified
2024-11-21 04:50
Severity ?
Summary
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20211203-0002/ | Third Party Advisory | |
| cve@mitre.org | https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211203-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | * | |
| linux | linux_kernel | - | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "B46FC6F0-636B-46F4-815C-61DC2A543CBB", versionEndIncluding: "5.48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer.", }, { lang: "es", value: "Se ha detectado un desbordamiento del búfer en la región heap de la memoria en bluetoothd en BlueZ versiones hasta 5.48. No presenta ninguna comprobación sobre si presenta suficiente espacio en el buffer de destino. La función simplemente añade todos los datos que son pasados. Los valores de todos los atributos solicitados son añadidos al búfer de salida. No se presenta ningún tipo de comprobación de tamaño, resultando en un simple desbordamiento de la pila si es posible diseñar una petición en la que la respuesta sea lo suficientemente grande como para desbordar el búfer preasignado. Este problema se presenta cuando service_attr_req es llamado por process_request (en el archivo sdpd-request.c), que también asigna el buffer de respuesta", }, ], id: "CVE-2019-8922", lastModified: "2024-11-21T04:50:39.823", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-29T08:15:07.627", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211203-0002/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211203-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-15 03:15
Modified
2024-11-21 05:20
Severity ?
Summary
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "39E80B2D-248F-4CD2-9959-2C1B199C7667", versionEndExcluding: "5.55", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.", }, { lang: "es", value: "En BlueZ versiones anteriores a 5.55, se encontró una doble liberación en la rutina disconnect_cb() de gatttool del archivo shared/att.c. Un atacante remoto podría potencialmente causar una denegación de servicio o una ejecución de código, durante la detección del servicio, debido a un evento MGMT de desconexión redundante", }, ], id: "CVE-2020-27153", lastModified: "2024-11-21T05:20:47.440", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-15T03:15:12.120", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1884817", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202011-01", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4951", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1884817", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202011-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4951", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-415", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-02 22:15
Modified
2024-11-21 05:14
Severity ?
Summary
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | - | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:-:*:*:*:*:*:*:*", matchCriteriaId: "C5B75318-0A53-466E-B4B7-A8EA188C26F2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "06AAC075-8124-46CF-A8F0-D9F19B5AD4CD", versionEndExcluding: "4.19.137", versionStartIncluding: "4.19", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "EFD91860-B023-4C95-BED5-8585DF37964C", versionEndExcluding: "5.4.56", versionStartIncluding: "4.20", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "D7B25FDD-8A33-4D09-B0C1-FD5F2E38F7F5", versionEndExcluding: "5.7.13", versionStartIncluding: "5.5.0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.", }, { lang: "es", value: "Unas restricciones de búfer inapropiadas en BlueZ pueden permitir a un usuario no autenticado habilitar potencialmente la denegación de servicio por medio de un acceso adyacente. Esto afecta a todas las versiones del kernel de Linux que admiten BlueZ", }, ], id: "CVE-2020-24490", lastModified: "2024-11-21T05:14:54.313", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-02T22:15:12.150", references: [ { source: "secure@intel.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html", }, ], sourceIdentifier: "secure@intel.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-21 11:15
Modified
2024-11-21 07:19
Severity ?
2.6 (Low) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f | Patch, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.211936 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.211936 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "0D650D22-EC21-464C-B678-D452B3E79E99", versionEndExcluding: "5.65", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad en el Kernel de Linux y ha sido clasificada como problemática. Esta vulnerabilidad afecta a la función jlink_init del archivo monitor/jlink.c del componente BlueZ. La manipulación conlleva una denegación de servicio. Es recomendado aplicar un parche para corregir este problema. El identificador de esta vulnerabilidad es VDB-211936", }, ], id: "CVE-2022-3637", lastModified: "2024-11-21T07:19:56.033", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-21T11:15:09.700", references: [ { source: "cna@vuldb.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.211936", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.211936", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-404", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-04 23:15
Modified
2024-11-21 06:29
Severity ?
Summary
An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | 5.61 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:5.61:*:*:*:*:*:*:*", matchCriteriaId: "C1563348-C90F-4280-BB53-A9CBC27CB81D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.", }, { lang: "es", value: "Se ha detectado un problema en el archivo gatt-database.c en BlueZ versión 5.61. Puede producirse un uso de memoria previamente liberada cuando un cliente se desconecta durante el procesamiento de D-Bus de una llamada WriteValue", }, ], id: "CVE-2021-43400", lastModified: "2024-11-21T06:29:10.217", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-04T23:15:10.350", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-09 20:15
Modified
2024-11-21 05:42
Severity ?
Summary
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez | bluez | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.13 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "EB5A8356-8D54-48BF-BB7C-399E792B08F6", versionEndExcluding: "5.57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "A2E6872F-0224-4926-998D-21C18423039C", versionEndExcluding: "4.4.270", versionStartIncluding: "2.6.12", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "37CBDA9D-1990-4FE7-BBAE-74295AF17599", versionEndExcluding: "4.9.270", versionStartIncluding: "4.9", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "74E79EFE-C6F5-4D33-9025-36CC6916EF0A", versionEndExcluding: "4.14.234", versionStartIncluding: "4.14", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "44029CEE-959D-499F-8913-FED343DA6B65", versionEndExcluding: "4.19.192", versionStartIncluding: "4.19", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C3787113-B7B0-4615-85C5-DDAAE38C1F46", versionEndExcluding: "5.4.122", versionStartIncluding: "5.4", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "FAEFD181-62CD-41CD-BFE5-7BC337ADE1CA", versionEndExcluding: "5.10.40", versionStartIncluding: "5.10", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "13460FFE-8AA9-4F1C-963C-30982D8858D1", versionEndExcluding: "5.12.7", versionStartIncluding: "5.12", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", matchCriteriaId: "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.", }, { lang: "es", value: "Un control de acceso inapropiado en BlueZ puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso adyacente", }, ], id: "CVE-2021-0129", lastModified: "2024-11-21T05:42:01.513", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 2.7, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-09T20:15:08.830", references: [ { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-16", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210716-0002/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4951", }, { source: "secure@intel.com", tags: [ "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210716-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4951", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html", }, ], sourceIdentifier: "secure@intel.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-12 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "0A6C5D02-8B93-4876-84E2-9C529EF85150", versionEndIncluding: "5.46", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.", }, { lang: "es", value: "Todas las versiones del servidor SDP en BlueZ 5.46 y anteriores son vulnerables a sufrir una divulgación de información que permite que los atacantes remotos obtengan información sensible de la memoria del proceso bluetoothd. Esta vulnerabilidad se basa en el procesamiento de peticiones del atributo de búsqueda SDP.", }, ], id: "CVE-2017-1000250", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-12T17:29:00.197", references: [ { source: "cve@mitre.org", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2017/dsa-3972", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100814", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:2685", }, { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "https://access.redhat.com/security/vulnerabilities/blueborne", }, { source: "cve@mitre.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://www.armis.com/blueborne", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/240311", }, { source: "cve@mitre.org", url: "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne", }, { source: "nvd@nist.gov", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://access.redhat.com/security/cve/CVE-2017-1000250", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2017/dsa-3972", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100814", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:2685", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://access.redhat.com/security/vulnerabilities/blueborne", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://www.armis.com/blueborne", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/240311", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-03 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.spinics.net/lists/linux-bluetooth/msg68892.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spinics.net/lists/linux-bluetooth/msg68892.html | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:*", matchCriteriaId: "196663D8-4181-4806-9944-0C60F9402CCA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In BlueZ 5.42, an out-of-bounds read was observed in \"le_meta_ev_dump\" function in \"tools/parser/hci.c\" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.", }, { lang: "es", value: "En BlueZ 5.42, una lectura fuera de límites ha sido observada en la función \"le_meta_ev_dump\" en la fuente de archivo \"tools/parser/hci.c\". Este problema existe debido a que 'subevent' (que es usado para leer correctamente elementos del array 'ev_le_meta_str') está desbordado.", }, ], id: "CVE-2016-9803", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-03T06:59:08.527", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-03 06:59
Modified
2025-04-12 10:46
Severity ?
Summary
In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.spinics.net/lists/linux-bluetooth/msg68898.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94652 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spinics.net/lists/linux-bluetooth/msg68898.html | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:*", matchCriteriaId: "196663D8-4181-4806-9944-0C60F9402CCA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer over-read was identified in \"l2cap_packet\" function in \"monitor/packet.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.", }, { lang: "es", value: "En BlueZ 5.42, se ha identificado una sobrelectura de búfer en la función \"l2cap_packet\" en la fuente de archivo \"monitor/packet.c\". Este problema puede ser desencadenado procesando un archivo de volcado corrupto y resulta en una caída de btmon.", }, ], id: "CVE-2016-9802", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-03T06:59:07.527", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68898.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68898.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-12-08 08:59
Modified
2025-04-12 10:46
Severity ?
Summary
In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/95013 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.spinics.net/lists/linux-bluetooth/msg68892.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95013 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spinics.net/lists/linux-bluetooth/msg68892.html | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:*", matchCriteriaId: "196663D8-4181-4806-9944-0C60F9402CCA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In BlueZ 5.42, a buffer overflow was observed in \"read_n\" function in \"tools/hcidump.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.", }, { lang: "es", value: "En BlueZ 5.42, un desbordamiento de búfer fue observado en la función \"read_n\" en el archivo fuente \"tools/hcidump.c\". Este problema puede ser desencadenado procesando un archivo de volcado corrupto y resultará en una caída hcidump.", }, ], id: "CVE-2016-9917", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-12-08T08:59:03.617", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95013", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-bluetooth/msg68892.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-17 19:15
Modified
2024-11-21 07:19
Severity ?
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e | Patch, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.211086 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.211086 | Permissions Required |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", matchCriteriaId: "0D650D22-EC21-464C-B678-D452B3E79E99", versionEndExcluding: "5.65", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad clasificada como problemática en el Kernel de Linux. Está afectada la función read_50_controller_cap_complete del fichero tools/mgmt-tester.c del componente BlueZ. La manipulación del argumento cap_len conlleva a una desreferencia de puntero null. Es recomendado aplicar un parche para corregir este problema. VDB-211086 es el identificador asignado a esta vulnerabilidad", }, ], id: "CVE-2022-3563", lastModified: "2024-11-21T07:19:46.503", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-17T19:15:10.100", references: [ { source: "cna@vuldb.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", ], url: "https://vuldb.com/?id.211086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://vuldb.com/?id.211086", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-404", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
var-202111-1603
Vulnerability from variot
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash. BlueZ Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state.
BlueZ has a resource management error vulnerability. The vulnerability stems from a vulnerability in the cstate alloc buf of the sdp in the affected version. ========================================================================== Ubuntu Security Notice USN-5155-1 November 23, 2021
bluez vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in BlueZ.
Software Description: - bluez: Bluetooth tools and daemons
Details:
It was discovered that BlueZ incorrectly handled the Discoverable status when a device is powered down. This could result in devices being powered up discoverable, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. (CVE-2021-3658)
It was discovered that BlueZ incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause BlueZ to consume resources, leading to a denial of service. (CVE-2021-41229)
It was discovered that the BlueZ gatt server incorrectly handled disconnects. (CVE-2021-43400)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: bluez 5.60-0ubuntu2.1 libbluetooth3 5.60-0ubuntu2.1
Ubuntu 21.04: bluez 5.56-0ubuntu4.3 libbluetooth3 5.56-0ubuntu4.3
Ubuntu 20.04 LTS: bluez 5.53-0ubuntu3.4 libbluetooth3 5.53-0ubuntu3.4
Ubuntu 18.04 LTS: bluez 5.48-0ubuntu3.6 libbluetooth3 5.48-0ubuntu3.6
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: bluez security update Advisory ID: RHSA-2022:2081-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2081 Issue date: 2022-05-10 CVE Names: CVE-2021-41229 =====================================================================
- Summary:
An update for bluez is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files.
Security Fix(es):
- bluez: memory leak in the SDP protocol (CVE-2021-41229)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2025034 - CVE-2021-41229 bluez: memory leak in the SDP protocol
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64: bluez-cups-5.56-3.el8.aarch64.rpm bluez-cups-debuginfo-5.56-3.el8.aarch64.rpm bluez-debuginfo-5.56-3.el8.aarch64.rpm bluez-debugsource-5.56-3.el8.aarch64.rpm bluez-hid2hci-debuginfo-5.56-3.el8.aarch64.rpm bluez-libs-debuginfo-5.56-3.el8.aarch64.rpm bluez-obexd-debuginfo-5.56-3.el8.aarch64.rpm
ppc64le: bluez-cups-5.56-3.el8.ppc64le.rpm bluez-cups-debuginfo-5.56-3.el8.ppc64le.rpm bluez-debuginfo-5.56-3.el8.ppc64le.rpm bluez-debugsource-5.56-3.el8.ppc64le.rpm bluez-hid2hci-debuginfo-5.56-3.el8.ppc64le.rpm bluez-libs-debuginfo-5.56-3.el8.ppc64le.rpm bluez-obexd-debuginfo-5.56-3.el8.ppc64le.rpm
s390x: bluez-cups-5.56-3.el8.s390x.rpm bluez-cups-debuginfo-5.56-3.el8.s390x.rpm bluez-debuginfo-5.56-3.el8.s390x.rpm bluez-debugsource-5.56-3.el8.s390x.rpm bluez-hid2hci-debuginfo-5.56-3.el8.s390x.rpm bluez-libs-debuginfo-5.56-3.el8.s390x.rpm bluez-obexd-debuginfo-5.56-3.el8.s390x.rpm
x86_64: bluez-cups-5.56-3.el8.x86_64.rpm bluez-cups-debuginfo-5.56-3.el8.x86_64.rpm bluez-debuginfo-5.56-3.el8.x86_64.rpm bluez-debugsource-5.56-3.el8.x86_64.rpm bluez-hid2hci-debuginfo-5.56-3.el8.x86_64.rpm bluez-libs-debuginfo-5.56-3.el8.x86_64.rpm bluez-obexd-debuginfo-5.56-3.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: bluez-5.56-3.el8.src.rpm
aarch64: bluez-5.56-3.el8.aarch64.rpm bluez-cups-debuginfo-5.56-3.el8.aarch64.rpm bluez-debuginfo-5.56-3.el8.aarch64.rpm bluez-debugsource-5.56-3.el8.aarch64.rpm bluez-hid2hci-5.56-3.el8.aarch64.rpm bluez-hid2hci-debuginfo-5.56-3.el8.aarch64.rpm bluez-libs-5.56-3.el8.aarch64.rpm bluez-libs-debuginfo-5.56-3.el8.aarch64.rpm bluez-obexd-5.56-3.el8.aarch64.rpm bluez-obexd-debuginfo-5.56-3.el8.aarch64.rpm
ppc64le: bluez-5.56-3.el8.ppc64le.rpm bluez-cups-debuginfo-5.56-3.el8.ppc64le.rpm bluez-debuginfo-5.56-3.el8.ppc64le.rpm bluez-debugsource-5.56-3.el8.ppc64le.rpm bluez-hid2hci-5.56-3.el8.ppc64le.rpm bluez-hid2hci-debuginfo-5.56-3.el8.ppc64le.rpm bluez-libs-5.56-3.el8.ppc64le.rpm bluez-libs-debuginfo-5.56-3.el8.ppc64le.rpm bluez-obexd-5.56-3.el8.ppc64le.rpm bluez-obexd-debuginfo-5.56-3.el8.ppc64le.rpm
s390x: bluez-5.56-3.el8.s390x.rpm bluez-cups-debuginfo-5.56-3.el8.s390x.rpm bluez-debuginfo-5.56-3.el8.s390x.rpm bluez-debugsource-5.56-3.el8.s390x.rpm bluez-hid2hci-5.56-3.el8.s390x.rpm bluez-hid2hci-debuginfo-5.56-3.el8.s390x.rpm bluez-libs-5.56-3.el8.s390x.rpm bluez-libs-debuginfo-5.56-3.el8.s390x.rpm bluez-obexd-5.56-3.el8.s390x.rpm bluez-obexd-debuginfo-5.56-3.el8.s390x.rpm
x86_64: bluez-5.56-3.el8.x86_64.rpm bluez-cups-debuginfo-5.56-3.el8.i686.rpm bluez-cups-debuginfo-5.56-3.el8.x86_64.rpm bluez-debuginfo-5.56-3.el8.i686.rpm bluez-debuginfo-5.56-3.el8.x86_64.rpm bluez-debugsource-5.56-3.el8.i686.rpm bluez-debugsource-5.56-3.el8.x86_64.rpm bluez-hid2hci-5.56-3.el8.x86_64.rpm bluez-hid2hci-debuginfo-5.56-3.el8.i686.rpm bluez-hid2hci-debuginfo-5.56-3.el8.x86_64.rpm bluez-libs-5.56-3.el8.i686.rpm bluez-libs-5.56-3.el8.x86_64.rpm bluez-libs-debuginfo-5.56-3.el8.i686.rpm bluez-libs-debuginfo-5.56-3.el8.x86_64.rpm bluez-obexd-5.56-3.el8.x86_64.rpm bluez-obexd-debuginfo-5.56-3.el8.i686.rpm bluez-obexd-debuginfo-5.56-3.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64: bluez-cups-debuginfo-5.56-3.el8.aarch64.rpm bluez-debuginfo-5.56-3.el8.aarch64.rpm bluez-debugsource-5.56-3.el8.aarch64.rpm bluez-hid2hci-debuginfo-5.56-3.el8.aarch64.rpm bluez-libs-debuginfo-5.56-3.el8.aarch64.rpm bluez-libs-devel-5.56-3.el8.aarch64.rpm bluez-obexd-debuginfo-5.56-3.el8.aarch64.rpm
ppc64le: bluez-cups-debuginfo-5.56-3.el8.ppc64le.rpm bluez-debuginfo-5.56-3.el8.ppc64le.rpm bluez-debugsource-5.56-3.el8.ppc64le.rpm bluez-hid2hci-debuginfo-5.56-3.el8.ppc64le.rpm bluez-libs-debuginfo-5.56-3.el8.ppc64le.rpm bluez-libs-devel-5.56-3.el8.ppc64le.rpm bluez-obexd-debuginfo-5.56-3.el8.ppc64le.rpm
s390x: bluez-cups-debuginfo-5.56-3.el8.s390x.rpm bluez-debuginfo-5.56-3.el8.s390x.rpm bluez-debugsource-5.56-3.el8.s390x.rpm bluez-hid2hci-debuginfo-5.56-3.el8.s390x.rpm bluez-libs-debuginfo-5.56-3.el8.s390x.rpm bluez-libs-devel-5.56-3.el8.s390x.rpm bluez-obexd-debuginfo-5.56-3.el8.s390x.rpm
x86_64: bluez-cups-debuginfo-5.56-3.el8.i686.rpm bluez-cups-debuginfo-5.56-3.el8.x86_64.rpm bluez-debuginfo-5.56-3.el8.i686.rpm bluez-debuginfo-5.56-3.el8.x86_64.rpm bluez-debugsource-5.56-3.el8.i686.rpm bluez-debugsource-5.56-3.el8.x86_64.rpm bluez-hid2hci-debuginfo-5.56-3.el8.i686.rpm bluez-hid2hci-debuginfo-5.56-3.el8.x86_64.rpm bluez-libs-debuginfo-5.56-3.el8.i686.rpm bluez-libs-debuginfo-5.56-3.el8.x86_64.rpm bluez-libs-devel-5.56-3.el8.i686.rpm bluez-libs-devel-5.56-3.el8.x86_64.rpm bluez-obexd-debuginfo-5.56-3.el8.i686.rpm bluez-obexd-debuginfo-5.56-3.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-41229 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYnqRLtzjgjWX9erEAQhLSQ//ZwYEUw8IqRkMhaXHWMrPk50APquWo/Dk gIcV1Slmo0NTJMHosbYiJ6PFzQKcrPO36c1pXjPewLSvzY2Y8yp55E9Y9kUTMENn Ue2wFrM9hFqFhACbZlVDViwsnj9gp18n9DfPrtJzU0py8jJrkm1KMyiqtUzkoA6r P0jQl0q7GtU5TCerU8QOpc2bWcaOXD6dT5AwcgOWDyQ9CU38nuIXGrcdf6JkXybx T8nWOA4FNBMW5X0uISgeMrsxI0eT8sn0ww+i/cnOOA9QczqpKxy682NFbsWDwQWY u09h4MD4Voi+Skq/YTl4SWggsARXzHkq+MlTXLEGMdDMZcjOhB7eCkc9oIsXj9k6 fHc27bHU7TQRy2y5w/poDnU6LOlnavQAHT0LrDNj7PdCfZbvqorPSckrebkls7Ci iMo068XlAfWfIDT57yFEZNbd0WA+bVNZcPtQLzIVil8lxrSTtxXGC49xnNLA3Lay 87uJbXZLUsgC0PUHx1No2QYpqRCnDdamkh07R0OaMROyZZPyO3BGeyUHKtFNW6Zz UUlv1NwXN3d9E6K3mvaBQqYGbVae22y8SrJOL/qLM7e8E/FO2MM7kSzbdbwHTEIJ JWJomZXVtQkoQW0uw5REUleCDnrsfAkqgwsZAtmHXOcPBP6tlbR8o+BFUXo54J6S SSXzvHgRCmU= =VeS/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1603", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "bluez", scope: "eq", trust: 1.6, vendor: "bluez", version: "5.58", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "9.0", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "10.0", }, { model: "gnu/linux", scope: null, trust: 0.8, vendor: "debian", version: null, }, { model: "bluez", scope: null, trust: 0.8, vendor: "bluez", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-92546", }, { db: "JVNDB", id: "JVNDB-2021-014847", }, { db: "NVD", id: "CVE-2021-41229", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Ubuntu", sources: [ { db: "PACKETSTORM", id: "165065", }, ], trust: 0.1, }, cve: "CVE-2021-41229", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", exploitabilityScore: 6.5, id: "CVE-2021-41229", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1.9, vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", exploitabilityScore: 6.5, id: "CNVD-2021-92546", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2021-41229", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "security-advisories@github.com", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2021-41229", impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-41229", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-41229", trust: 1, value: "MEDIUM", }, { author: "security-advisories@github.com", id: "CVE-2021-41229", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2021-41229", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2021-92546", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202111-1194", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-41229", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-92546", }, { db: "VULMON", id: "CVE-2021-41229", }, { db: "JVNDB", id: "JVNDB-2021-014847", }, { db: "CNNVD", id: "CNNVD-202111-1194", }, { db: "NVD", id: "CVE-2021-41229", }, { db: "NVD", id: "CVE-2021-41229", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash. BlueZ Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. \n\r\n\r\nBlueZ has a resource management error vulnerability. The vulnerability stems from a vulnerability in the cstate alloc buf of the sdp in the affected version. ==========================================================================\nUbuntu Security Notice USN-5155-1\nNovember 23, 2021\n\nbluez vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in BlueZ. \n\nSoftware Description:\n- bluez: Bluetooth tools and daemons\n\nDetails:\n\nIt was discovered that BlueZ incorrectly handled the Discoverable status\nwhen a device is powered down. This could result in devices being powered\nup discoverable, contrary to expectations. This issue only affected Ubuntu\n20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. (CVE-2021-3658)\n\nIt was discovered that BlueZ incorrectly handled certain memory operations. \nA remote attacker could possibly use this issue to cause BlueZ to consume\nresources, leading to a denial of service. (CVE-2021-41229)\n\nIt was discovered that the BlueZ gatt server incorrectly handled\ndisconnects. (CVE-2021-43400)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n bluez 5.60-0ubuntu2.1\n libbluetooth3 5.60-0ubuntu2.1\n\nUbuntu 21.04:\n bluez 5.56-0ubuntu4.3\n libbluetooth3 5.56-0ubuntu4.3\n\nUbuntu 20.04 LTS:\n bluez 5.53-0ubuntu3.4\n libbluetooth3 5.53-0ubuntu3.4\n\nUbuntu 18.04 LTS:\n bluez 5.48-0ubuntu3.6\n libbluetooth3 5.48-0ubuntu3.6\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: bluez security update\nAdvisory ID: RHSA-2022:2081-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:2081\nIssue date: 2022-05-10\nCVE Names: CVE-2021-41229 \n=====================================================================\n\n1. Summary:\n\nAn update for bluez is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe bluez packages contain the following utilities for use in Bluetooth\napplications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start\nscripts (Red Hat), and pcmcia configuration files. \n\nSecurity Fix(es):\n\n* bluez: memory leak in the SDP protocol (CVE-2021-41229)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2025034 - CVE-2021-41229 bluez: memory leak in the SDP protocol\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\nbluez-cups-5.56-3.el8.aarch64.rpm\nbluez-cups-debuginfo-5.56-3.el8.aarch64.rpm\nbluez-debuginfo-5.56-3.el8.aarch64.rpm\nbluez-debugsource-5.56-3.el8.aarch64.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.aarch64.rpm\nbluez-libs-debuginfo-5.56-3.el8.aarch64.rpm\nbluez-obexd-debuginfo-5.56-3.el8.aarch64.rpm\n\nppc64le:\nbluez-cups-5.56-3.el8.ppc64le.rpm\nbluez-cups-debuginfo-5.56-3.el8.ppc64le.rpm\nbluez-debuginfo-5.56-3.el8.ppc64le.rpm\nbluez-debugsource-5.56-3.el8.ppc64le.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.ppc64le.rpm\nbluez-libs-debuginfo-5.56-3.el8.ppc64le.rpm\nbluez-obexd-debuginfo-5.56-3.el8.ppc64le.rpm\n\ns390x:\nbluez-cups-5.56-3.el8.s390x.rpm\nbluez-cups-debuginfo-5.56-3.el8.s390x.rpm\nbluez-debuginfo-5.56-3.el8.s390x.rpm\nbluez-debugsource-5.56-3.el8.s390x.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.s390x.rpm\nbluez-libs-debuginfo-5.56-3.el8.s390x.rpm\nbluez-obexd-debuginfo-5.56-3.el8.s390x.rpm\n\nx86_64:\nbluez-cups-5.56-3.el8.x86_64.rpm\nbluez-cups-debuginfo-5.56-3.el8.x86_64.rpm\nbluez-debuginfo-5.56-3.el8.x86_64.rpm\nbluez-debugsource-5.56-3.el8.x86_64.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.x86_64.rpm\nbluez-libs-debuginfo-5.56-3.el8.x86_64.rpm\nbluez-obexd-debuginfo-5.56-3.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nbluez-5.56-3.el8.src.rpm\n\naarch64:\nbluez-5.56-3.el8.aarch64.rpm\nbluez-cups-debuginfo-5.56-3.el8.aarch64.rpm\nbluez-debuginfo-5.56-3.el8.aarch64.rpm\nbluez-debugsource-5.56-3.el8.aarch64.rpm\nbluez-hid2hci-5.56-3.el8.aarch64.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.aarch64.rpm\nbluez-libs-5.56-3.el8.aarch64.rpm\nbluez-libs-debuginfo-5.56-3.el8.aarch64.rpm\nbluez-obexd-5.56-3.el8.aarch64.rpm\nbluez-obexd-debuginfo-5.56-3.el8.aarch64.rpm\n\nppc64le:\nbluez-5.56-3.el8.ppc64le.rpm\nbluez-cups-debuginfo-5.56-3.el8.ppc64le.rpm\nbluez-debuginfo-5.56-3.el8.ppc64le.rpm\nbluez-debugsource-5.56-3.el8.ppc64le.rpm\nbluez-hid2hci-5.56-3.el8.ppc64le.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.ppc64le.rpm\nbluez-libs-5.56-3.el8.ppc64le.rpm\nbluez-libs-debuginfo-5.56-3.el8.ppc64le.rpm\nbluez-obexd-5.56-3.el8.ppc64le.rpm\nbluez-obexd-debuginfo-5.56-3.el8.ppc64le.rpm\n\ns390x:\nbluez-5.56-3.el8.s390x.rpm\nbluez-cups-debuginfo-5.56-3.el8.s390x.rpm\nbluez-debuginfo-5.56-3.el8.s390x.rpm\nbluez-debugsource-5.56-3.el8.s390x.rpm\nbluez-hid2hci-5.56-3.el8.s390x.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.s390x.rpm\nbluez-libs-5.56-3.el8.s390x.rpm\nbluez-libs-debuginfo-5.56-3.el8.s390x.rpm\nbluez-obexd-5.56-3.el8.s390x.rpm\nbluez-obexd-debuginfo-5.56-3.el8.s390x.rpm\n\nx86_64:\nbluez-5.56-3.el8.x86_64.rpm\nbluez-cups-debuginfo-5.56-3.el8.i686.rpm\nbluez-cups-debuginfo-5.56-3.el8.x86_64.rpm\nbluez-debuginfo-5.56-3.el8.i686.rpm\nbluez-debuginfo-5.56-3.el8.x86_64.rpm\nbluez-debugsource-5.56-3.el8.i686.rpm\nbluez-debugsource-5.56-3.el8.x86_64.rpm\nbluez-hid2hci-5.56-3.el8.x86_64.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.i686.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.x86_64.rpm\nbluez-libs-5.56-3.el8.i686.rpm\nbluez-libs-5.56-3.el8.x86_64.rpm\nbluez-libs-debuginfo-5.56-3.el8.i686.rpm\nbluez-libs-debuginfo-5.56-3.el8.x86_64.rpm\nbluez-obexd-5.56-3.el8.x86_64.rpm\nbluez-obexd-debuginfo-5.56-3.el8.i686.rpm\nbluez-obexd-debuginfo-5.56-3.el8.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\nbluez-cups-debuginfo-5.56-3.el8.aarch64.rpm\nbluez-debuginfo-5.56-3.el8.aarch64.rpm\nbluez-debugsource-5.56-3.el8.aarch64.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.aarch64.rpm\nbluez-libs-debuginfo-5.56-3.el8.aarch64.rpm\nbluez-libs-devel-5.56-3.el8.aarch64.rpm\nbluez-obexd-debuginfo-5.56-3.el8.aarch64.rpm\n\nppc64le:\nbluez-cups-debuginfo-5.56-3.el8.ppc64le.rpm\nbluez-debuginfo-5.56-3.el8.ppc64le.rpm\nbluez-debugsource-5.56-3.el8.ppc64le.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.ppc64le.rpm\nbluez-libs-debuginfo-5.56-3.el8.ppc64le.rpm\nbluez-libs-devel-5.56-3.el8.ppc64le.rpm\nbluez-obexd-debuginfo-5.56-3.el8.ppc64le.rpm\n\ns390x:\nbluez-cups-debuginfo-5.56-3.el8.s390x.rpm\nbluez-debuginfo-5.56-3.el8.s390x.rpm\nbluez-debugsource-5.56-3.el8.s390x.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.s390x.rpm\nbluez-libs-debuginfo-5.56-3.el8.s390x.rpm\nbluez-libs-devel-5.56-3.el8.s390x.rpm\nbluez-obexd-debuginfo-5.56-3.el8.s390x.rpm\n\nx86_64:\nbluez-cups-debuginfo-5.56-3.el8.i686.rpm\nbluez-cups-debuginfo-5.56-3.el8.x86_64.rpm\nbluez-debuginfo-5.56-3.el8.i686.rpm\nbluez-debuginfo-5.56-3.el8.x86_64.rpm\nbluez-debugsource-5.56-3.el8.i686.rpm\nbluez-debugsource-5.56-3.el8.x86_64.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.i686.rpm\nbluez-hid2hci-debuginfo-5.56-3.el8.x86_64.rpm\nbluez-libs-debuginfo-5.56-3.el8.i686.rpm\nbluez-libs-debuginfo-5.56-3.el8.x86_64.rpm\nbluez-libs-devel-5.56-3.el8.i686.rpm\nbluez-libs-devel-5.56-3.el8.x86_64.rpm\nbluez-obexd-debuginfo-5.56-3.el8.i686.rpm\nbluez-obexd-debuginfo-5.56-3.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-41229\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYnqRLtzjgjWX9erEAQhLSQ//ZwYEUw8IqRkMhaXHWMrPk50APquWo/Dk\ngIcV1Slmo0NTJMHosbYiJ6PFzQKcrPO36c1pXjPewLSvzY2Y8yp55E9Y9kUTMENn\nUe2wFrM9hFqFhACbZlVDViwsnj9gp18n9DfPrtJzU0py8jJrkm1KMyiqtUzkoA6r\nP0jQl0q7GtU5TCerU8QOpc2bWcaOXD6dT5AwcgOWDyQ9CU38nuIXGrcdf6JkXybx\nT8nWOA4FNBMW5X0uISgeMrsxI0eT8sn0ww+i/cnOOA9QczqpKxy682NFbsWDwQWY\nu09h4MD4Voi+Skq/YTl4SWggsARXzHkq+MlTXLEGMdDMZcjOhB7eCkc9oIsXj9k6\nfHc27bHU7TQRy2y5w/poDnU6LOlnavQAHT0LrDNj7PdCfZbvqorPSckrebkls7Ci\niMo068XlAfWfIDT57yFEZNbd0WA+bVNZcPtQLzIVil8lxrSTtxXGC49xnNLA3Lay\n87uJbXZLUsgC0PUHx1No2QYpqRCnDdamkh07R0OaMROyZZPyO3BGeyUHKtFNW6Zz\nUUlv1NwXN3d9E6K3mvaBQqYGbVae22y8SrJOL/qLM7e8E/FO2MM7kSzbdbwHTEIJ\nJWJomZXVtQkoQW0uw5REUleCDnrsfAkqgwsZAtmHXOcPBP6tlbR8o+BFUXo54J6S\nSSXzvHgRCmU=\n=VeS/\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", sources: [ { db: "NVD", id: "CVE-2021-41229", }, { db: "JVNDB", id: "JVNDB-2021-014847", }, { db: "CNVD", id: "CNVD-2021-92546", }, { db: "VULMON", id: "CVE-2021-41229", }, { db: "PACKETSTORM", id: "165065", }, { db: "PACKETSTORM", id: "167064", }, ], trust: 2.43, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-41229", trust: 4.1, }, { db: "JVNDB", id: "JVNDB-2021-014847", trust: 0.8, }, { db: "PACKETSTORM", id: "165065", trust: 0.7, }, { db: "PACKETSTORM", id: "167064", trust: 0.7, }, { db: "CNVD", id: "CNVD-2021-92546", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.3989", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.4011", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2022.5318", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202111-1194", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-41229", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-92546", }, { db: "VULMON", id: "CVE-2021-41229", }, { db: "JVNDB", id: "JVNDB-2021-014847", }, { db: "PACKETSTORM", id: "165065", }, { db: "PACKETSTORM", id: "167064", }, { db: "CNNVD", id: "CNNVD-202111-1194", }, { db: "NVD", id: "CVE-2021-41229", }, ], }, id: "VAR-202111-1603", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-92546", }, ], trust: 0.06, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-92546", }, ], }, last_update_date: "2024-11-23T20:13:59.476000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "[SECURITY] [DLA 3157-1] bluez security update", trust: 0.8, url: "https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq", }, { title: "Patch for BlueZ resource management error vulnerability (CNVD-2021-92546)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/302016", }, { title: "BlueZ Remediation of resource management error vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=169753", }, { title: "Red Hat: Low: bluez security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222081 - Security Advisory", }, { title: "Debian CVElist Bug Report Logs: bluez: CVE-2021-41229: memory leak in the SDP protocol handling", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=1cd5f4b800120c27588e61161129b32a", }, { title: "Red Hat: CVE-2021-41229", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-41229", }, { title: "Arch Linux Issues: ", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-41229 log", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-92546", }, { db: "VULMON", id: "CVE-2021-41229", }, { db: "JVNDB", id: "JVNDB-2021-014847", }, { db: "CNNVD", id: "CNNVD-202111-1194", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-401", trust: 1, }, { problemtype: "CWE-400", trust: 1, }, { problemtype: "Lack of memory release after expiration (CWE-401) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-014847", }, { db: "NVD", id: "CVE-2021-41229", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-41229", }, { trust: 1.7, url: "https://github.com/bluez/bluez/security/advisories/ghsa-3fqg-r8j5-f5xq", }, { trust: 1.7, url: "https://lists.debian.org/debian-lts-announce/2021/11/msg00022.html", }, { trust: 1.7, url: "https://security.netapp.com/advisory/ntap-20211203-0004/", }, { trust: 1.6, url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.5318", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/bluez-memory-leak-via-sdp-cstate-alloc-buf-36954", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.4011", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/165065/ubuntu-security-notice-usn-5155-1.html", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/167064/red-hat-security-advisory-2022-2081-01.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3989", }, { trust: 0.2, url: "https://access.redhat.com/errata/rhsa-2022:2081", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/401.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://security.archlinux.org/cve-2021-41229", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/bluez/5.60-0ubuntu2.1", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-43400", }, { trust: 0.1, url: "https://ubuntu.com/security/notices/usn-5155-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/bluez/5.56-0ubuntu4.3", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-3658", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/bluez/5.48-0ubuntu3.6", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/bluez/5.53-0ubuntu3.4", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-41229", }, { trust: 0.1, url: "https://listman.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.1, url: "https://access.redhat.com/articles/11258", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#low", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://bugzilla.redhat.com/):", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-92546", }, { db: "VULMON", id: "CVE-2021-41229", }, { db: "JVNDB", id: "JVNDB-2021-014847", }, { db: "PACKETSTORM", id: "165065", }, { db: "PACKETSTORM", id: "167064", }, { db: "CNNVD", id: "CNNVD-202111-1194", }, { db: "NVD", id: "CVE-2021-41229", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-92546", }, { db: "VULMON", id: "CVE-2021-41229", }, { db: "JVNDB", id: "JVNDB-2021-014847", }, { db: "PACKETSTORM", id: "165065", }, { db: "PACKETSTORM", id: "167064", }, { db: "CNNVD", id: "CNNVD-202111-1194", }, { db: "NVD", id: "CVE-2021-41229", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-11-30T00:00:00", db: "CNVD", id: "CNVD-2021-92546", }, { date: "2021-11-12T00:00:00", db: "VULMON", id: "CVE-2021-41229", }, { date: "2022-10-28T00:00:00", db: "JVNDB", id: "JVNDB-2021-014847", }, { date: "2021-11-24T16:35:03", db: "PACKETSTORM", id: "165065", }, { date: "2022-05-11T16:30:09", db: "PACKETSTORM", id: "167064", }, { date: "2021-11-12T00:00:00", db: "CNNVD", id: "CNNVD-202111-1194", }, { date: "2021-11-12T23:15:08.857000", db: "NVD", id: "CVE-2021-41229", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-11-30T00:00:00", db: "CNVD", id: "CNVD-2021-92546", }, { date: "2022-04-25T00:00:00", db: "VULMON", id: "CVE-2021-41229", }, { date: "2022-10-28T08:18:00", db: "JVNDB", id: "JVNDB-2021-014847", }, { date: "2022-10-25T00:00:00", db: "CNNVD", id: "CNNVD-202111-1194", }, { date: "2024-11-21T06:25:50.123000", db: "NVD", id: "CVE-2021-41229", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202111-1194", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "BlueZ Vulnerability regarding lack of memory release after expiration in", sources: [ { db: "JVNDB", id: "JVNDB-2021-014847", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "resource management error", sources: [ { db: "CNNVD", id: "CNNVD-202111-1194", }, ], trust: 0.6, }, }