CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-8921
https://notcve.org/view.php?id=CVE-2019-8921
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. • https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html https://security.netapp.com/advisory/ntap-20211203-0002 https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-8922
https://notcve.org/view.php?id=CVE-2019-8922
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. • https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html https://security.netapp.com/advisory/ntap-20211203-0002 https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3658
https://notcve.org/view.php?id=CVE-2021-3658
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. bluetoothd de bluez guarda incorrectamente el estado Discoverable de los adaptadores cuando es apagado un dispositivo, y lo restaura cuando es encendido. Si un dispositivo es apagado mientras es detectado, será detectado cuando es encendido de nuevo. Esto podría conllevar a una exposición inadvertida de la pila bluetooth a atacantes físicamente cercanos • https://bugzilla.redhat.com/show_bug.cgi?id=1984728 https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055 https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055 https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89 https://security.netapp.com/advisory/ntap-20220407-0002 • CWE-863: Incorrect Authorization •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3588 – memory contents disclosure in cli_feat_read_cb
https://notcve.org/view.php?id=CVE-2021-3588
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. La función cli_feat_read_cb() en src/gatt-database.c no realiza comprobaciones de límites en la variable 'offset' antes de utilizarla como índice en un array para su lectura • https://github.com/bluez/bluez/issues/70 https://security.gentoo.org/glsa/202209-16 • CWE-125: Out-of-bounds Read CWE-788: Access of Memory Location After End of Buffer •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2021-0129 – kernel: Improper access control in BlueZ may allow information disclosure vulnerability.
https://notcve.org/view.php?id=CVE-2021-0129
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Un control de acceso inapropiado en BlueZ puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso adyacente A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. • https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html https://security.gentoo.org/glsa/202209-16 https://security.netapp.com/advisory/ntap-20210716-0002 https://www.debian.org/security/2021/dsa-4951 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html https://access.redhat.com/security/cve/CVE-2021& • CWE-287: Improper Authentication •