Lucene search

K

Bluez Security Vulnerabilities

cve
cve

CVE-2023-27349

BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the.....

7.1CVSS

7.2AI Score

0.001EPSS

2024-05-03 02:15 AM
51
cve
cve

CVE-2023-44431

BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target.....

7.1CVSS

7.3AI Score

0.001EPSS

2024-05-03 03:15 AM
25
cve
cve

CVE-2023-50229

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...

7.1CVSS

7.1AI Score

0.0005EPSS

2024-05-03 03:16 AM
26
cve
cve

CVE-2023-51580

BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this...

5.4CVSS

5.1AI Score

0.001EPSS

2024-05-03 03:16 AM
24
cve
cve

CVE-2023-51589

BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability....

5.4CVSS

5.5AI Score

0.001EPSS

2024-05-03 03:16 AM
30
cve
cve

CVE-2023-51594

BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a...

2.6CVSS

3.4AI Score

0.001EPSS

2024-05-03 03:16 AM
32
cve
cve

CVE-2023-50230

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...

7.1CVSS

7.2AI Score

0.0005EPSS

2024-05-03 03:16 AM
26
cve
cve

CVE-2023-51596

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...

7.1CVSS

7.3AI Score

0.001EPSS

2024-05-03 03:16 AM
25
cve
cve

CVE-2023-51592

BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability.....

5.4CVSS

6.1AI Score

0.001EPSS

2024-05-03 03:16 AM
28
cve
cve

CVE-2008-2374

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field...

7.2AI Score

0.009EPSS

2008-07-07 11:41 PM
32
cve
cve

CVE-2022-3563

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch.....

5.7CVSS

5.7AI Score

0.0004EPSS

2022-10-17 07:15 PM
39
cve
cve

CVE-2022-3637

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of.....

5.5CVSS

5.4AI Score

0.0004EPSS

2022-10-21 11:15 AM
26
7
cve
cve

CVE-2022-0204

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of...

8.8CVSS

8.1AI Score

0.001EPSS

2022-03-10 05:44 PM
151
4
cve
cve

CVE-2018-10910

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are...

4.5CVSS

3.9AI Score

0.0004EPSS

2019-01-28 03:29 PM
201
cve
cve

CVE-2021-41229

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large...

6.5CVSS

6.2AI Score

0.001EPSS

2021-11-12 11:15 PM
127
2
cve
cve

CVE-2021-43400

An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue...

9.1CVSS

8.9AI Score

0.002EPSS

2021-11-04 11:15 PM
115
4
cve
cve

CVE-2019-8922

A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer....

8.8CVSS

8.6AI Score

0.001EPSS

2021-11-29 08:15 AM
80
4
cve
cve

CVE-2019-8921

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking...

6.5CVSS

7.3AI Score

0.001EPSS

2021-11-29 08:15 AM
75
3
cve
cve

CVE-2022-39177

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in...

8.8CVSS

8.1AI Score

0.001EPSS

2022-09-02 04:15 AM
58
12
cve
cve

CVE-2022-39176

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate...

8.8CVSS

8.2AI Score

0.001EPSS

2022-09-02 04:15 AM
63
15
cve
cve

CVE-2021-3588

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for...

3.3CVSS

4AI Score

0.001EPSS

2021-06-10 03:15 AM
186
5
cve
cve

CVE-2021-0129

Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent...

5.7CVSS

6.3AI Score

0.0005EPSS

2021-06-09 08:15 PM
363
11
cve
cve

CVE-2021-3658

bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to...

6.5CVSS

6.3AI Score

0.001EPSS

2022-03-02 11:15 PM
130
2
cve
cve

CVE-2020-24490

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support...

6.5CVSS

6.9AI Score

0.001EPSS

2021-02-02 10:15 PM
264
2
cve
cve

CVE-2020-12352

Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent...

6.5CVSS

7.4AI Score

0.003EPSS

2020-11-23 05:15 PM
312
6
cve
cve

CVE-2020-27153

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT...

8.6CVSS

8.2AI Score

0.05EPSS

2020-10-15 03:15 AM
271
6
cve
cve

CVE-2020-0556

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent...

7.1CVSS

6.8AI Score

0.001EPSS

2020-03-12 09:15 PM
339
cve
cve

CVE-2017-1000250

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute...

6.5CVSS

6.4AI Score

0.005EPSS

2017-09-12 05:29 PM
284
cve
cve

CVE-2016-7837

Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland...

7.8CVSS

7.4AI Score

0.001EPSS

2017-06-09 04:29 PM
53
cve
cve

CVE-2016-9918

In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon...

7.5CVSS

7.2AI Score

0.003EPSS

2016-12-08 08:59 AM
109
cve
cve

CVE-2016-9917

In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump...

7.5CVSS

7.6AI Score

0.001EPSS

2016-12-08 08:59 AM
117
cve
cve

CVE-2016-9804

In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be...

5.3CVSS

6.2AI Score

0.002EPSS

2016-12-03 06:59 AM
41
8
cve
cve

CVE-2016-9803

In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is...

5.3CVSS

5.2AI Score

0.002EPSS

2016-12-03 06:59 AM
21
cve
cve

CVE-2016-9802

In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon...

5.3CVSS

6.1AI Score

0.003EPSS

2016-12-03 06:59 AM
125
cve
cve

CVE-2016-9801

In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump...

5.3CVSS

6.2AI Score

0.002EPSS

2016-12-03 06:59 AM
41
cve
cve

CVE-2016-9800

In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp"...

5.3CVSS

6.2AI Score

0.002EPSS

2016-12-03 06:59 AM
41
cve
cve

CVE-2016-9799

In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon...

5.3CVSS

5.7AI Score

0.002EPSS

2016-12-03 06:59 AM
18
cve
cve

CVE-2016-9798

In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump...

5.3CVSS

6AI Score

0.004EPSS

2016-12-03 06:59 AM
129
cve
cve

CVE-2016-9797

In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump...

5.3CVSS

6.1AI Score

0.002EPSS

2016-12-03 06:59 AM
104
cve
cve

CVE-2006-6899

hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka...

6.2AI Score

0.224EPSS

2007-01-08 08:00 PM
22
cve
cve

CVE-2006-0670

Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP)...

6.5AI Score

0.096EPSS

2006-02-13 10:02 PM
31
cve
cve

CVE-2005-2547

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN...

7.3AI Score

0.015EPSS

2005-08-12 04:00 AM
32