Debian Security Bug TrackerDEBIANCVE:CVE-2019-8921CVE-2019-8921
6.5 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
39.2%
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | bluez | < 5.54-1 | bluez_5.54-1_all.deb |
| Debian | 11 | all | bluez | < 5.54-1 | bluez_5.54-1_all.deb |
| Debian | 10 | all | bluez | < 5.50-1.2~deb10u3 | bluez_5.50-1.2~deb10u3_all.deb |
| Debian | 999 | all | bluez | < 5.54-1 | bluez_5.54-1_all.deb |
| Debian | 13 | all | bluez | < 5.54-1 | bluez_5.54-1_all.deb |
Related
6.5 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
39.2%