CVE-2023-51592

2024-05-0303:16:19

Debian Security Bug Tracker

security-tracker.debian.org

bluez

audio profile

out-of-bounds read

information disclosure

bluetooth

user interaction

avrcp protocol

root execution

zdi-can-20854

5.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20854.

OSVersionArchitecturePackageVersionFilename
Debian12allbluez<= 5.66-1+deb12u1bluez_5.66-1+deb12u1_all.deb
Debian11allbluez<= 5.55-3.1+deb11u1bluez_5.55-3.1+deb11u1_all.deb
Debian10allbluez<= 5.50-1.2~deb10u2bluez_5.50-1.2~deb10u2_all.deb
Debian999allbluez<= 5.73-1bluez_5.73-1_all.deb
Debian13allbluez<= 5.71-1bluez_5.71-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	bluez	<= 5.66-1+deb12u1	bluez_5.66-1+deb12u1_all.deb
Debian	11	all	bluez	<= 5.55-3.1+deb11u1	bluez_5.55-3.1+deb11u1_all.deb
Debian	10	all	bluez	<= 5.50-1.2~deb10u2	bluez_5.50-1.2~deb10u2_all.deb
Debian	999	all	bluez	<= 5.73-1	bluez_5.73-1_all.deb
Debian	13	all	bluez	<= 5.71-1	bluez_5.71-1_all.deb