37 matches found
CVE-2021-0129
CVE-2021-0129 is associated with BlueZ (Linux Bluetooth stack). The connected Debian advisory notes that CVE-2021-0129 involves improper access control during pairing, enabling impersonation of the initiating device and potential information disclosure. Other sources in the connected data referen...
CVE-2020-0556
Concretely, CVE-2020-0556 affects BlueZ HID/HOGP handling. The vulnerability arises from improper access control: BlueZ before 5.54 does not require bonding between HID devices and hosts, enabling an unauthenticated attacker with adjacent access to impersonate an HID device, establish encrypted l...
CVE-2017-1000250
CVE-2017-1000250 affects the BlueZ Bluetooth stack SDP server. All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information-disclosure flaw in the processing of SDP search attribute requests, allowing a proximate attacker to read portions of bluetoothd process memory ...
CVE-2020-27153
BlueZ (Bluetooth protocol stack) vulnerability CVE-2020-27153: a double-free in gatttool’s disconnect_cb() in shared/att.c can be exploited during service discovery to trigger denial of service or potentially arbitrary code execution. Affected: BlueZ versions before 5.55. Impact observed as DoS a...
CVE-2020-24490
CVE-2020-24490 is reported in the Mageia advisory MGASA-2020-0392 as a Bluetooth L2CAP/extended advertising processing flaw in the Linux kernel Bluetooth implementation. A remote attacker within an adjacent range can trigger a heap buffer overflow by sending a specially crafted Bluetooth packet, ...
CVE-2018-10910
CVE-2018-10910 affects bluez; a bug can set Bluetooth Discoverable on when no Bluetooth agent is registered, potentially allowing unauthorized pairing. The issue is tied to bluez versions before 5.51 and is discussed across Nessus/OpenVAS/Miracle/Oracle advisories, which note vendor-supplied fixe...
CVE-2021-3588
CVE-2021-3588 affects BlueZ (BlueZ Bluetooth stack). The issue is in cli_feat_read_cb() in src/gatt-database.c where bounds checks on offset are missing before indexing an array, potentially exposing memory contents. Multiple advisories indicate downstream risk and mitigation via upgrading BlueZ ...
CVE-2023-27349
CVE-2023-27349 affects the BlueZ Bluetooth stack (Audio Profile AVRCP) and is due to improper validation of array indexes in the AVRCP handling path, causing a write past the end of an allocated buffer. The issue enables network-adjacent attackers to execute code with root privileges on vulnerabl...
CVE-2023-44431
BlueZ AVRCP Stack-based Buffer Overflow (CVE-2023-44431) allows remote code execution when a device connects via Bluetooth. Root-level code execution is possible due to insufficient validation of the AVRCP data length before copying into a fixed-size stack buffer. Exploitation requires network-ad...
CVE-2021-41229
BlueZ contains a memory-leak vulnerability in the SDP path (sdp_cstate_alloc_buf) that can cause the service to be exhausted if an attacker continuously sends SDP packets. The issue is described across multiple advisories as affecting BlueZ and being mitigated by upgrading to patched BlueZ packag...
CVE-2022-0204
CVE-2022-0204 is a heap overflow vulnerability in BlueZ (Bluetooth stack) affecting versions prior to 5.63. Multiple connected advisories confirm impact via a local-network attack that can cause a target application to halt/crash, resulting in Denial of Service. Remediation is to upgrade BlueZ to...
CVE-2023-51596
CVE-2023-51596 refers to a heap-based buffer overflow in BlueZ’s Phone Book Access Profile that can lead to remote code execution with root privileges after a device connection to a malicious Bluetooth device. The flaw arises from improper validation of user-supplied data length before copying in...
CVE-2021-3658
The CVE-2021-3658 entry concerns bluez’s bluetoothd: a bug in saving/restoring the Discoverable flag causes a device that was Discoverable when powered down to remain Discoverable when powered back on. Affected component: bluez (bluetoothd). Root cause: incorrect handling of the adapter Discovera...
CVE-2016-9798
CVE-2016-9798 details (supported by connected docs): In BlueZ 5.42, a use-after-free exists in the conf_opt function (tools/parser/l2cap.c). The issue can be triggered by processing a corrupted dump file and results in a crash of hcidump. The available connected documents confirm the affected com...
CVE-2021-43400
CVE-2021-43400 affects BlueZ (BlueZ 5.61) in the gatt-database.c component. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call, potentially enabling memory corruption. The issue is documented across multiple advisories (Astra Linux, Debian LTS/DLA li...
CVE-2024-8805
CVE-2024-8805 affects BlueZ HID over GATT Profile. The flaw is an improper access control in the HID over GATT implementation, allowing network-adjacent attackers to execute arbitrary code in the context of the current user without authentication. Documentation confirms the impact as remote code ...
CVE-2016-9802
CVE-2016-9802 is a BlueZ 5.42 vulnerability in the l2cap_packet function (monitor/packet.c) causing a buffer over-read when processing a corrupted dump, which can crash btmon. Connected documents (EulerOS/NE AMD/OpenVAS entries) corroborate BlueZ 5.42 issues affecting similar components (e.g., l2...
CVE-2019-8921
CVE-2019-8921 is a BlueZ Bluetooth stack vulnerability affecting bluetoothd, specifically in the SDP implementation. The issue arises from how SVC_ATTR_REQ is handled; by crafting a malicious CSTATE, an attacker could cause the server to return more bytes than the buffer can hold, leaking heap da...
CVE-2016-9917
In BlueZ, CVE-2016-9917 is a buffer overflow in read_n() inside tools/hcidump.c (BlueZ 5.42) that can be triggered by a corrupted dump, leading to hcidump crash. Connected sources also enumerate related CVEs (e.g., 2016-9797, 2016-9798, 2016-9800–9804, 2016-9918) associated with BlueZ components,...
CVE-2016-9797
CVE-2016-9797 is a buffer over-read in BlueZ 5.42, specifically in the l2cap_dump function (tools/parser/l2cap.c). It can be triggered by processing a corrupted dump file and leads to a hcidump crash. Affected product: BlueZ. Root cause: boundary condition flaw allowing over-read. In the provided...
CVE-2019-8922
BlueZ Bluetooth stack vulnerability CVE-2019-8922 affects bluetoothd through 5.48. The issue is a heap-based buffer overflow in the SDP handling: service_attr_req in sdpd-request.c does not verify destination buffer space, potentially causing a heap overflow when a crafted request yields a large ...
CVE-2023-51589
CVE-2023-51589 affects BlueZ Audio Profile AVRCP parse_media_element, causing an out-of-bounds read information disclosure. The flaw stems from insufficient validation of AVRCP data, enabling network-adjacent attackers to disclose data via Bluetooth after the target connects to a malicious device...
CVE-2016-7837
CVE-2016-7837 affects BlueZ 5.41 and earlier; the vulnerability is a buffer overflow in the parse_line function used by some userland utilities that could allow an attacker to execute arbitrary code. The description specifies a local attack vector with potential high impact, and does not provide ...
CVE-2023-50230
BlueZ CVE-2023-50230 is a heap-based overflow in the Phone Book Access profile that can allow remote code execution with root privileges when a network-adjacent attacker connects to a malicious Bluetooth device. The flaw arises from unchecked length while copying user data into a fixed-size heap ...
CVE-2022-39176
CVE-2022-39176 affects BlueZ before 5.59. The underlying flaw is that profiles/audio/avrcp.c does not validate params_len, enabling physically proximate attackers to obtain sensitive information. Documented across multiple sources (Astra Linux advisory, Debian DLA-3879, Red Hat/Nessus plugs) conf...
CVE-2023-50229
CVE-2023-50229 affects BlueZ PBAP heap-based buffer overflow. Affects BlueZ with PBAP handling; vulnerability allows remote code execution by network-adjacent attackers, requiring the target to connect to a malicious Bluetooth device. Some connected advisories indicate patches are available (e.g....
CVE-2022-39177
CVE-2022-39177 affects BlueZ before 5.59. The vulnerability allows physically proximate attackers to cause a denial of service by sending malformed/invalid capabilities that are processed in profiles/audio/avdtp.c. Connected sources (Astra Linux bulletin and Debian/Debian LTS/DLA-3879) confirm Bl...
CVE-2023-51594
CVE-2023-51594 affects BlueZ OBEX library. The vulnerability stems from improper validation of OBEX protocol parameters, causing an out-of-bounds read and information disclosure in BlueZ. Exploitation requires a network-adjacent attacker who must have the target connect to a malicious Bluetooth d...
CVE-2023-51592
CVE-2023-51592 affects BlueZ Audio Profile AVRCP parse_media_folder, causing an out-of-bounds read information disclosure. The flaw stems from improper validation of AVRCP data, enabling network-adjacent attackers to read memory and potentially escalate, with exploitation requiring the target to ...
CVE-2022-3563
The CVE-2022-3563 entry affects BlueZ in Linux (BlueZ component; file tools/mgmt-tester.c). The root cause is manipulation of cap_len in read_50_controller_cap_complete, leading to a null pointer dereference. Impact stated as availability loss (NVD score I/A) with no confidentiality/integrity imp...
CVE-2023-51580
CVE-2023-51580 is a BlueZ AVRCP vulnerability described as an out-of-bounds read in the AVRCP parse_attribute_list handling, allowing network-adjacent attackers to disclose sensitive information over Bluetooth when a victim connects to a malicious device. Public details in connected documents con...
CVE-2016-9800
CVE-2016-9800 affects BlueZ 5.42. The overflow occurs in pin_code_reply_dump (tools/parser/hci.c) where the pin array is overflowed due to missing boundary checks on the buffer size from cp parameter (pin_code_reply_cp *cp). This is a buffer overflow risk that could impact Bluetooth-related tooli...
CVE-2016-9804
In BlueZ 5.42, CVE-2016-9804 is a buffer overflow in the commands_dump path of the hcidump tooling. The overflow occurs in tools/parser/csr.c due to lack of boundary checks on the size of the buffer from frm->ptr, overflowing the commands array when processing a corrupted dump file and causing...
CVE-2016-9801
CVE-2016-9801 concerns BlueZ up to version 5.42, where a buffer overflow was observed in the set_ext_ctrl function located in tools/parser/l2cap.c when processing a corrupted dump file. The vulnerability stems from unsafe memory handling in l2cap-related processing, which could impact the availab...
CVE-2022-3637
CVE-2022-3637 : A vulnerability in BlueZ for Linux involves the function jlink_init in monitor/jlink.c, leading to a denial of service. The issue is described as affecting BlueZ within the Linux kernel stack, with the provided description indicating that a patch is available to fix the issue. Exp...
CVE-2016-9803
CVE-2016-9803 concerns BlueZ 5.42 where an out-of-bounds read occurs in le_meta_ev_dump (tools/parser/hci.c). The issue arises because the variable read index, ‘subevent’, overflows the ev_le_meta_str array, causing a read past the intended bounds. The connected documents corroborate this flaw an...
CVE-2016-9799
CVE-2016-9799 is a buffer overflow in BlueZ 5.42, specifically in pklg_read_hci inside btsnoop.c. The vulnerability can be triggered by processing a corrupted dump file and results in a btmon crash. The connected sources (NVD/OSV/CNVD references) confirm the flaw exists in BlueZ 5.42 and describe...