Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2008-2374
HistoryJul 07, 2008 - 11:41 p.m.

CVE-2008-2374

2008-07-0723:41:00
CWE-1284
[email protected]
web.nvd.nist.gov
5

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

0.009

Percentile

82.5%

JSON

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

Affected configurations

Nvd
Node
bluezbluez-libsRange<3.34
OR
bluezbluez-utilsRange<3.34
Node
fedoraprojectfedoraMatch8
OR
fedoraprojectfedoraMatch9
VendorProductVersionCPE
bluezbluez-libs*cpe:2.3:a:bluez:bluez-libs:*:*:*:*:*:*:*:*
bluezbluez-utils*cpe:2.3:a:bluez:bluez-utils:*:*:*:*:*:*:*:*
fedoraprojectfedora8cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
fedoraprojectfedora9cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

References

Related

openvas 14
fedora 4
oraclelinux 1
nessus 11
gentoo 1
seebug 1
securityvulns 2
cvelist 1
osv 1
ubuntucve 1
prion 1
centos 1
redhat 1
cve 1
openvas
openvas
Gentoo Security Advisory GLSA 200903-29 (bluez-utils bluez-libs)
2009-03-20 00:00:00
Fedora Update for bluez-utils FEDORA-2008-6133
2009-02-17 00:00:00
RedHat Update for bluez-libs and bluez-utils RHSA-2008:0581-01
2009-03-06 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: bluez-utils-3.35-3.fc8
2008-10-16 02:10:09
[SECURITY] Fedora 9 Update: bluez-libs-3.35-1.fc9
2008-09-10 06:51:58
[SECURITY] Fedora 8 Update: bluez-libs-3.35-1.fc8
2008-10-16 02:10:09
oraclelinux
oraclelinux
bluez-libs and bluez-utils security update
2008-07-14 00:00:00
nessus
nessus
SuSE 10 Security Update : Bluetooth utilities (ZYPP Patch Number 5437)
2008-09-24 00:00:00
openSUSE Security Update : bluez-audio (bluez-audio-100)
2009-07-21 00:00:00
Oracle Linux 4 / 5 : bluez-libs / bluez-utils (ELSA-2008-0581)
2013-07-12 00:00:00
gentoo
gentoo
BlueZ: Arbitrary code execution
2009-03-16 00:00:00
seebug
seebug
BlueZ SDPθ΄Ÿθ½½ε€„η†ε€šδΈͺηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2008-07-09 00:00:00
securityvulns
securityvulns
[ MDVSA-2008:145 ] - Updated bluez/bluez-utils packages fix SDP packet parsing vulnerability
2008-07-18 00:00:00
bluez bluetooth stack memory corruption
2008-07-18 00:00:00
cvelist
cvelist
CVE-2008-2374
2008-07-07 23:00:00
osv
osv
obex-data-server-0.4.6-15.8 on GA media
2024-06-15 00:00:00
ubuntucve
ubuntucve
CVE-2008-2374
2008-07-07 00:00:00
prion
prion
Memory corruption
2008-07-07 23:41:00
centos
centos
bluez security update
2008-07-14 16:47:36
redhat
redhat
(RHSA-2008:0581) Moderate: bluez-libs and bluez-utils security update
2008-07-14 00:00:00
cve
cve
CVE-2008-2374
2008-07-07 23:41:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

0.009

Percentile

82.5%

JSON
Related for NVD:CVE-2008-2374
openvas14fedora4oraclelinux1nessus11gentoo1seebug1securityvulns2cvelist1osv1ubuntucve1prion1centos1redhat1cve1