EUVD-2021-26896

Malware in sbrugna...

Ubuntu 18.04 LTS / 20.04 LTS : BlueZ vulnerabilities (USN-4989-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4989-1 advisory. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to...

BlueZ buffer overflow vulnerability (CNVD-2021-44978)

BlueZ is a Bluetooth protocol stack written in C. It is primarily used to provide support for the core Bluetooth layers and protocols. BlueZ suffers from a buffer overflow vulnerability that stems from the clifeatreadcb function in src/gatt-database.c failing to perform a bounds check on the...

CVE-2021-3588

The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...

DEBIAN-CVE-2021-3588

The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...

CVE-2021-3588

The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...

CVE-2021-3588

CVE-2021-3588 affects BlueZ (BlueZ Bluetooth stack). The issue is in cli_feat_read_cb() in src/gatt-database.c where bounds checks on offset are missing before indexing an array, potentially exposing memory contents. Multiple advisories indicate downstream risk and mitigation via upgrading BlueZ ...

CVE-2021-3588 memory contents disclosure in cli_feat_read_cb

The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...