23 matches found
CLSA-2026-1777541445 bluez: Fix of 3 CVEs
CVE-2022-0204: fix heap overflow when appending prepare writes in gatt-server - CVE-2022-39176: fix not checking paramslen in AVRCP vendordep PDU handling - CVE-2022-39177: fix accepting invalid/malformed capabilities in AVDTP...
EUVD-2026-8870
Golioth Pouch version 0.1.0 prior to INSERT FIXED VERSION, fixed in commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent...
CVE-2026-23750
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent fragments using memcpy witho...
PT-2026-22169
Name of the Vulnerable Software and Affected Versions: Golioth Pouch versions prior to commit 1b2219a1 Description: The software contains a heap-based buffer overflow in BLE GATT server certificate handling. The server_cert_write function allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX...
pouch security vulnerability
Pouch is a non-IP protocol developed by Golioth. Version 0.1.0 of Pouch contains a security vulnerability. This vulnerability stems from a heap-based buffer overflow issue during the processing of BLE GATT server certificates, which could lead to heap overflow and system crashes...
CVE-2024-2104
Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service which could render the device unusable...
CVE-2024-2104 JBL: Improper BLE security configurations and lack of authentication on the device's GATT server
Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service which could render the device unusable...
CVE-2024-49748
In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-49747
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-43771
In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-43763
In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote proximal/adjacent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-43096
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2025-1032 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to incorrect code generation management in the Android operating system's System component. It could allow a remote attacker to execute arbitrary code due to a missing...
PT-2025-1034
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a heap buffer overflow in the gatts_process_primary_service_req function of gatt_sr.cc, which could lead to remote code execution without needing additional execution...
CVE-2018-9414
In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
PT-2024-10654 · Bluetooth · Bluetooth
Name of the Vulnerable Software and Affected Versions: Bluetooth affected versions not specified Description: The issue is related to a possible information disclosure due to uninitialized data in the gatts_process_read_by_type_req function of gatt_sr.c. This could lead to remote information...
PT-2024-10678 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a possible out of bounds stack write in the gattServerSendResponseNative function of com_android_bluetooth_gatt.cpp due to a missing bounds check. This could lead to...
Updated bluez packages fix security vulnerability
Ziming Zhang discovered that BlueZ incorrectly handled memory write operations in its gatt server. A remote attacker could possibly use this to cause BlueZ to crash leading to a denial of service, or potentially remotely execute code. CVE-2022-0204...
USN-5275-1 bluez vulnerability
Ziming Zhang discovered that BlueZ incorrectly handled memory write operations in its gatt server. A remote attacker could possibly use this to cause BlueZ to crash leading to a denial of service, or potentially remotely execute code. CVE-2022-0204...