CVE-2023-50229

🗓️ 03 May 2024 03:11:16Reported by zdiType

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required

Reporter	Title	Published	Views	Family All 55
Vulnrichment	CVE-2023-50229 BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability	3 May 202402:14	–	vulnrichment
Zero Day Initiative	BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability	20 Dec 202300:00	–	zdi
NVD	CVE-2023-50229	3 May 202403:16	–	nvd
Debian CVE	CVE-2023-50229	3 May 202403:16	–	debiancve
Cvelist	CVE-2023-50229 BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability	3 May 202402:14	–	cvelist
OSV	CVE-2023-50229	3 May 202403:16	–	osv
OSV	USN-7222-1 bluez vulnerabilities	22 Jan 202514:41	–	osv
OSV	DLA-3879-1 bluez - security update	7 Sep 202400:00	–	osv
OSV	ALSA-2024:9413 Moderate: bluez security update	12 Nov 202400:00	–	osv
OSV	RLSA-2024:9413 Moderate: bluez security update	17 Mar 202520:16	–	osv

Vulners

Vulnrichment

Node

bluez bluezRange≤5.66

[
  {
    "vendor": "BlueZ",
    "product": "BlueZ",
    "versions": [
      {
        "version": "5.66",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-1811/
github	www.github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 May 2024 03:16Current

7.1High risk

Vulners AI Score7.1

CVSS37.1

EPSS0.06881

SSVC

CWE-122