7 matches found
CVE-2023-33092
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size...
Memory corruption
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size...
CVE-2023-33092 Buffer Copy Without Checking Size of Input in Bluetooth HOST
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size...
CVE-2023-33092
CVE-2023-33092 describes a memory corruption in the Bluetooth HOST path when processing a pin reply whose value from the APP layer exceeds the expected size. The issue is caused by a buffer copy without adequate input-size checks. Reported impact in sources indicates high/severe consequences with...
PT-2023-24182 · Bluetooth · Bluetooth
Name of the Vulnerable Software and Affected Versions: Bluetooth affected versions not specified Description: The issue is related to memory corruption that occurs while processing a pin reply in Bluetooth. This happens when the pin code received from the APP layer exceeds the expected size...
CVE-2022-20461
In pinReplyNative of comandroidbluetoothbtserviceAdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2019-2209
In BTADmPinReply of btadmapi.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1...