Amazon Linux 2 : bluez (ALAS-2023-2309)

The version of bluez installed on the remote host is prior to 5.44-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2309 advisory. An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVCATTRREQ by the SD...

CVE-2019-8921

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVCATTRREQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrar...

Heap overflow

A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer...

PT-2019-6138 · Linux +2 · Bluez +2

Name of the Vulnerable Software and Affected Versions: BlueZ versions through 5.48 Description: The issue is related to the implementation of the SDP service in the Bluetooth protocol stack for Linux BlueZ, which is associated with insufficient authentication of data. This can allow a remote...