250 matches found
CVE-2026-10660
The CVE-2026-10660 issue affects the Zephyr Bluetooth BAP Broadcast Assistant GATT client (subsys/bluetooth/audio/bap_broadcast_assistant.c). A single static net_buf_simple buffer (att_buf, BT_ATT_MAX_ATTRIBUTE_LEN = 512) is shared across all connections; per-connection state (BUSY flag, long-rea...
CVE-2026-5768
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...
CVE-2026-5768
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...
CVE-2026-5768 Fourth Frontier Frontier X Mobile Application, Frontier X2 Missing Authentication for Critical Function
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...
CVE-2026-5768
CVE-2026-5768 concerns the Frontier X2 device and Frontier X mobile app, where unauthenticated BLE read/write access to critical GATT characteristics enables attackers within BLE range to control device functions, trigger vibrations, cause DoS, and forge health telemetry by impersonating devices ...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
BlueZ HID over GATT Profile: Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected BlueZ installations. Authentication is not required to exploit this vulnerability. The specific flaw lies in the...
Astra Linux – Vulnerability in bluez
The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...
Astra Linux – Vulnerability in bluez
A issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free condition can occur when a client disconnects during D-Bus processing of a WriteValue call...
CLSA-2026-1777541445 bluez: Fix of 3 CVEs
CVE-2022-0204: fix heap overflow when appending prepare writes in gatt-server - CVE-2022-39176: fix not checking paramslen in AVRCP vendordep PDU handling - CVE-2022-39177: fix accepting invalid/malformed capabilities in AVDTP...
EUVD-2026-8870
Golioth Pouch version 0.1.0 prior to INSERT FIXED VERSION, fixed in commit 1b2219a1, contain a heap-based buffer overflow in BLE GATT server certificate handling. servercertwrite allocates a heap buffer of size CONFIGPOUCHSERVERCERTMAXLEN when receiving the first fragment, then appends subsequent...
CVE-2026-23750
Golioth Pouch 0.1.0 (prior to the fixed version) is affected by a heap-based buffer overflow in the BLE GATT server certificate handling. In server_cert_write(), a heap buffer of CONFIG_POUCH_SERVER_CERT_MAX_LEN is allocated for the first fragment, and subsequent fragments are appended via memcpy...
CVE-2026-23750 Golioth Pouch (prior to commit 1b2219a1) BLE GATT Heap-based Buffer Overflow
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. servercertwrite allocates a heap buffer of size CONFIGPOUCHSERVERCERTMAXLEN when receiving the first fragment, then appends subsequent fragments using memcpy witho...
pouch 安全漏洞
Pouch is a non-IP protocol developed by Golioth. Version 0.1.0 of Pouch contains a security vulnerability. This vulnerability stems from a heap-based buffer overflow issue during the processing of BLE GATT server certificates, which could lead to heap overflow and system crashes...
PT-2026-22169
Name of the Vulnerable Software and Affected Versions Golioth Pouch versions prior to commit 1b2219a1 Description The software contains a heap-based buffer overflow in BLE GATT server certificate handling. The server cert write function allocates a heap buffer of size CONFIG POUCH SERVER CERT MAX...
PT-2026-6299
Name of the Vulnerable Software and Affected Versions Espressif Internet of Things IOT Development Framework versions 5.1.6 through 5.5.2 Description The Espressif Internet of Things IOT Development Framework contains a use-after-free issue in the BLE provisioning transport protocomm ble layer...
CVE-2023-43512
Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer...
CVE-2024-2104
Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable...
CVE-2024-2104
Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable...
CVE-2024-2104 JBL: Improper BLE security configurations and lack of authentication on the device's GATT server
Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable...
CVE-2024-2104 JBL: Improper BLE security configurations and lack of authentication on the device's GATT server
Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable...