CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-1000250 – bluez: Out-of-bounds heap read in service_search_attr_req function
https://notcve.org/view.php?id=CVE-2017-1000250
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. Todas las versiones del servidor SDP en BlueZ 5.46 y anteriores son vulnerables a sufrir una divulgación de información que permite que los atacantes remotos obtengan información sensible de la memoria del proceso bluetoothd. Esta vulnerabilidad se basa en el procesamiento de peticiones del atributo de búsqueda SDP. An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). • https://github.com/olav-st/CVE-2017-1000250-PoC http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://www.debian.org/security/2017/dsa-3972 http://www.securityfocus.com/bid/100814 https://access.redhat.com/errata/RHSA-2017:2685 https://access.redhat.com/security/cve/CVE-2017-1000250 https://access.redhat.com/security/vulnerabilities/blueborne https://www.armis.com/blueborne https://www.kb.cert.org/vuls/id/240311 https://www.synology.com/support/security/Sy • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7837
https://notcve.org/view.php?id=CVE-2016-7837
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. Ddesbordamiento de búfer en BlueZ 5.41 y versiones anteriores, permite a un atacante ejecutar código arbitrario a través de la función parse_line utilizada en algunas utilidades de userland. • http://www.securityfocus.com/bid/95067 https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601 https://jvn.jp/en/jp/JVN38755305/index.html https://usn.ubuntu.com/4311-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9917
https://notcve.org/view.php?id=CVE-2016-9917
In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. En BlueZ 5.42, un desbordamiento de búfer fue observado en la función "read_n" en el archivo fuente "tools/hcidump.c". Este problema puede ser desencadenado procesando un archivo de volcado corrupto y resultará en una caída hcidump. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html http://www.securityfocus.com/bid/95013 https://www.spinics.net/lists/linux-bluetooth/msg68892.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9918
https://notcve.org/view.php?id=CVE-2016-9918
In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. En BlueZ 5.42, una lectura fuera de límites fue identificada en la función "packet_hexdump" en el archivo fuente "monitor/packet.c". Este problema puede ser desencadenado procesando un archivo de volcado corrupto y resultará en una caída btmon. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html http://www.securityfocus.com/bid/95013 https://www.spinics.net/lists/linux-bluetooth/msg68898.html • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9800
https://notcve.org/view.php?id=CVE-2016-9800
In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter. En BlueZ 5.42, se ha observado un desbordamiento de búfer en la función "pin_code_reply_dump" en la fuente de archivo "tools/parser/hci.c". El problema existe debido a que el "pin" se desborda por el parámetro subministrado debido a la falta de controles de límites en el tamaño del búfer del parámetro frame "pin_code_reply_cp * cp". • http://www.securityfocus.com/bid/94652 https://www.spinics.net/lists/linux-bluetooth/msg68892.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •