Lucene search
ZdiCVELIST:CVE-2023-50230HistoryMay 03, 2024 - 2:14 a.m.
CVE-2023-50230 BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability
2024-05-0302:14:47
CWE-122
zdi
raw.githubusercontent.com
1
bluez
buffer overflow
remote code execution
validation
heap-based buffer
bluetooth device
vulnerability
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938.
Related
zdi
zdi
debiancve
debiancve
CVE-2023-50230
2024-05-03 03:16:11
cve
cve
CVE-2023-50230
2024-05-03 03:16:11
redhatcve
redhatcve
CVE-2023-50230
2024-05-03 21:29:33
osv
osv
CVE-2023-50230
2024-05-03 03:16:11
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0182-1)
2024-01-24 00:00:00
openSUSE: Security Advisory for bluez (SUSE-SU-2024:0183-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0204-1)
2024-01-25 00:00:00
nessus
nessus
SUSE SLES15 Security Update : bluez (SUSE-SU-2024:0182-1)
2024-01-24 00:00:00
SUSE SLED15 / SLES15 Security Update : bluez (SUSE-SU-2024:0204-1)
2024-01-25 00:00:00