Lucene search
GoogleOSV:CVE-2023-50230HistoryMay 03, 2024 - 3:16 a.m.
CVE-2023-50230
2024-05-0303:16:11
Google
osv.dev
11
remote code execution
vulnerability
bluez
phone book access
buffer overflow
network-adjacent
user interaction
bluetooth device
validation
heap-based buffer
zdi-can-20938
root access
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938.
Related
zdi
zdi
debiancve
debiancve
CVE-2023-50230
2024-05-03 03:16:11
redhatcve
redhatcve
CVE-2023-50230
2024-05-03 21:29:33
cve
cve
CVE-2023-50230
2024-05-03 03:16:11
cvelist
cvelist
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0182-1)
2024-01-24 00:00:00
openSUSE: Security Advisory for bluez (SUSE-SU-2024:0183-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0204-1)
2024-01-25 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : bluez (SUSE-SU-2024:0204-1)
2024-01-25 00:00:00
SUSE SLES15 Security Update : bluez (SUSE-SU-2024:0182-1)
2024-01-24 00:00:00