Lucene search
K
BluezBluez

37 matches found

CVE
CVE
added 2021/06/09 7:50 p.m.500 views

CVE-2021-0129

CVE-2021-0129 is associated with BlueZ (Linux Bluetooth stack). The connected Debian advisory notes that CVE-2021-0129 involves improper access control during pairing, enabling impersonation of the initiating device and potential information disclosure. Other sources in the connected data referen...

5.7CVSS6.3AI score0.00827EPSS
CVE
CVE
added 2020/03/12 8:47 p.m.403 views

CVE-2020-0556

Concretely, CVE-2020-0556 affects BlueZ HID/HOGP handling. The vulnerability arises from improper access control: BlueZ before 5.54 does not require bonding between HID devices and hosts, enabling an unauthenticated attacker with adjacent access to impersonate an HID device, establish encrypted l...

7.1CVSS6.8AI score0.01033EPSS
CVE
CVE
added 2017/09/12 5:0 p.m.390 views

CVE-2017-1000250

CVE-2017-1000250 affects the BlueZ Bluetooth stack SDP server. All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information-disclosure flaw in the processing of SDP search attribute requests, allowing a proximate attacker to read portions of bluetoothd process memory ...

6.5CVSS6.4AI score0.07774EPSS
CVE
CVE
added 2020/10/15 2:53 a.m.352 views

CVE-2020-27153

BlueZ (Bluetooth protocol stack) vulnerability CVE-2020-27153: a double-free in gatttool’s disconnect_cb() in shared/att.c can be exploited during service discovery to trigger denial of service or potentially arbitrary code execution. Affected: BlueZ versions before 5.55. Impact observed as DoS a...

8.6CVSS8.2AI score0.04242EPSS
CVE
CVE
added 2021/02/02 9:29 p.m.349 views

CVE-2020-24490

CVE-2020-24490 is reported in the Mageia advisory MGASA-2020-0392 as a Bluetooth L2CAP/extended advertising processing flaw in the Linux kernel Bluetooth implementation. A remote attacker within an adjacent range can trigger a heap buffer overflow by sending a specially crafted Bluetooth packet, ...

6.5CVSS6.9AI score0.02223EPSS
CVE
CVE
added 2019/01/28 3:0 p.m.253 views

CVE-2018-10910

CVE-2018-10910 affects bluez; a bug can set Bluetooth Discoverable on when no Bluetooth agent is registered, potentially allowing unauthorized pairing. The issue is tied to bluez versions before 5.51 and is discussed across Nessus/OpenVAS/Miracle/Oracle advisories, which note vendor-supplied fixe...

4.5CVSS3.9AI score0.00458EPSS
CVE
CVE
added 2021/06/10 2:30 a.m.240 views

CVE-2021-3588

CVE-2021-3588 affects BlueZ (BlueZ Bluetooth stack). The issue is in cli_feat_read_cb() in src/gatt-database.c where bounds checks on offset are missing before indexing an array, potentially exposing memory contents. Multiple advisories indicate downstream risk and mitigation via upgrading BlueZ ...

3.3CVSS4AI score0.0045EPSS
CVE
CVE
added 2024/05/03 1:56 a.m.234 views

CVE-2023-27349

CVE-2023-27349 affects the BlueZ Bluetooth stack (Audio Profile AVRCP) and is due to improper validation of array indexes in the AVRCP handling path, causing a write past the end of an allocated buffer. The issue enables network-adjacent attackers to execute code with root privileges on vulnerabl...

8CVSS7.2AI score0.01427EPSS
CVE
CVE
added 2024/05/03 2:13 a.m.229 views

CVE-2023-44431

BlueZ AVRCP Stack-based Buffer Overflow (CVE-2023-44431) allows remote code execution when a device connects via Bluetooth. Root-level code execution is possible due to insufficient validation of the AVRCP data length before copying into a fixed-size stack buffer. Exploitation requires network-ad...

8CVSS7.3AI score0.01563EPSS
CVE
CVE
added 2021/11/12 12:0 a.m.225 views

CVE-2021-41229

BlueZ contains a memory-leak vulnerability in the SDP path (sdp_cstate_alloc_buf) that can cause the service to be exhausted if an attacker continuously sends SDP packets. The issue is described across multiple advisories as affecting BlueZ and being mitigated by upgrading to patched BlueZ packag...

6.5CVSS5.3AI score0.01101EPSS
CVE
CVE
added 2022/03/09 12:0 a.m.194 views

CVE-2022-0204

CVE-2022-0204 is a heap overflow vulnerability in BlueZ (Bluetooth stack) affecting versions prior to 5.63. Multiple connected advisories confirm impact via a local-network attack that can cause a target application to halt/crash, resulting in Denial of Service. Remediation is to upgrade BlueZ to...

8.8CVSS8.1AI score0.01808EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.188 views

CVE-2023-51596

CVE-2023-51596 refers to a heap-based buffer overflow in BlueZ’s Phone Book Access Profile that can lead to remote code execution with root privileges after a device connection to a malicious Bluetooth device. The flaw arises from improper validation of user-supplied data length before copying in...

7.1CVSS7.3AI score0.01493EPSS
CVE
CVE
added 2022/03/02 10:11 p.m.178 views

CVE-2021-3658

The CVE-2021-3658 entry concerns bluez’s bluetoothd: a bug in saving/restoring the Discoverable flag causes a device that was Discoverable when powered down to remain Discoverable when powered back on. Affected component: bluez (bluetoothd). Root cause: incorrect handling of the adapter Discovera...

6.5CVSS6.3AI score0.00795EPSS
CVE
CVE
added 2016/12/03 6:28 a.m.175 views

CVE-2016-9798

CVE-2016-9798 details (supported by connected docs): In BlueZ 5.42, a use-after-free exists in the conf_opt function (tools/parser/l2cap.c). The issue can be triggered by processing a corrupted dump file and results in a crash of hcidump. The available connected documents confirm the affected com...

5.3CVSS6AI score0.03806EPSS
CVE
CVE
added 2021/11/04 12:0 a.m.163 views

CVE-2021-43400

CVE-2021-43400 affects BlueZ (BlueZ 5.61) in the gatt-database.c component. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call, potentially enabling memory corruption. The issue is documented across multiple advisories (Astra Linux, Debian LTS/DLA li...

9.1CVSS8.9AI score0.01544EPSS
CVE
CVE
added 2024/11/22 9:2 p.m.162 views

CVE-2024-8805

CVE-2024-8805 affects BlueZ HID over GATT Profile. The flaw is an improper access control in the HID over GATT implementation, allowing network-adjacent attackers to execute arbitrary code in the context of the current user without authentication. Documentation confirms the impact as remote code ...

8.8CVSS9AI score0.02033EPSS
CVE
CVE
added 2016/12/03 6:28 a.m.161 views

CVE-2016-9802

CVE-2016-9802 is a BlueZ 5.42 vulnerability in the l2cap_packet function (monitor/packet.c) causing a buffer over-read when processing a corrupted dump, which can crash btmon. Connected documents (EulerOS/NE AMD/OpenVAS entries) corroborate BlueZ 5.42 issues affecting similar components (e.g., l2...

5.3CVSS6.1AI score0.03304EPSS
CVE
CVE
added 2021/11/29 12:0 a.m.157 views

CVE-2019-8921

CVE-2019-8921 is a BlueZ Bluetooth stack vulnerability affecting bluetoothd, specifically in the SDP implementation. The issue arises from how SVC_ATTR_REQ is handled; by crafting a malicious CSTATE, an attacker could cause the server to return more bytes than the buffer can hold, leaking heap da...

6.5CVSS7.3AI score0.00936EPSS
CVE
CVE
added 2016/12/08 8:8 a.m.152 views

CVE-2016-9917

In BlueZ, CVE-2016-9917 is a buffer overflow in read_n() inside tools/hcidump.c (BlueZ 5.42) that can be triggered by a corrupted dump, leading to hcidump crash. Connected sources also enumerate related CVEs (e.g., 2016-9797, 2016-9798, 2016-9800–9804, 2016-9918) associated with BlueZ components,...

7.5CVSS7.6AI score0.0359EPSS
CVE
CVE
added 2016/12/03 6:28 a.m.144 views

CVE-2016-9797

CVE-2016-9797 is a buffer over-read in BlueZ 5.42, specifically in the l2cap_dump function (tools/parser/l2cap.c). It can be triggered by processing a corrupted dump file and leads to a hcidump crash. Affected product: BlueZ. Root cause: boundary condition flaw allowing over-read. In the provided...

5.3CVSS6.1AI score0.03723EPSS
CVE
CVE
added 2021/11/29 12:0 a.m.123 views

CVE-2019-8922

BlueZ Bluetooth stack vulnerability CVE-2019-8922 affects bluetoothd through 5.48. The issue is a heap-based buffer overflow in the SDP handling: service_attr_req in sdpd-request.c does not verify destination buffer space, potentially causing a heap overflow when a crafted request yields a large ...

8.8CVSS8.6AI score0.0143EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.123 views

CVE-2023-51589

CVE-2023-51589 affects BlueZ Audio Profile AVRCP parse_media_element, causing an out-of-bounds read information disclosure. The flaw stems from insufficient validation of AVRCP data, enabling network-adjacent attackers to disclose data via Bluetooth after the target connects to a malicious device...

5.7CVSS5.5AI score0.00808EPSS
CVE
CVE
added 2017/06/09 4:0 p.m.117 views

CVE-2016-7837

CVE-2016-7837 affects BlueZ 5.41 and earlier; the vulnerability is a buffer overflow in the parse_line function used by some userland utilities that could allow an attacker to execute arbitrary code. The description specifies a local attack vector with potential high impact, and does not provide ...

7.8CVSS7.4AI score0.00556EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.111 views

CVE-2023-50230

BlueZ CVE-2023-50230 is a heap-based overflow in the Phone Book Access profile that can allow remote code execution with root privileges when a network-adjacent attacker connects to a malicious Bluetooth device. The flaw arises from unchecked length while copying user data into a fixed-size heap ...

8CVSS7.2AI score0.01493EPSS
CVE
CVE
added 2022/09/02 12:0 a.m.110 views

CVE-2022-39176

CVE-2022-39176 affects BlueZ before 5.59. The underlying flaw is that profiles/audio/avrcp.c does not validate params_len, enabling physically proximate attackers to obtain sensitive information. Documented across multiple sources (Astra Linux advisory, Debian DLA-3879, Red Hat/Nessus plugs) conf...

8.8CVSS8.2AI score0.00657EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.108 views

CVE-2023-50229

CVE-2023-50229 affects BlueZ PBAP heap-based buffer overflow. Affects BlueZ with PBAP handling; vulnerability allows remote code execution by network-adjacent attackers, requiring the target to connect to a malicious Bluetooth device. Some connected advisories indicate patches are available (e.g....

8CVSS7.1AI score0.0229EPSS
CVE
CVE
added 2022/09/02 12:0 a.m.103 views

CVE-2022-39177

CVE-2022-39177 affects BlueZ before 5.59. The vulnerability allows physically proximate attackers to cause a denial of service by sending malformed/invalid capabilities that are processed in profiles/audio/avdtp.c. Connected sources (Astra Linux bulletin and Debian/Debian LTS/DLA-3879) confirm Bl...

8.8CVSS8.1AI score0.00611EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.98 views

CVE-2023-51594

CVE-2023-51594 affects BlueZ OBEX library. The vulnerability stems from improper validation of OBEX protocol parameters, causing an out-of-bounds read and information disclosure in BlueZ. Exploitation requires a network-adjacent attacker who must have the target connect to a malicious Bluetooth d...

5.7CVSS3.4AI score0.00949EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.91 views

CVE-2023-51592

CVE-2023-51592 affects BlueZ Audio Profile AVRCP parse_media_folder, causing an out-of-bounds read information disclosure. The flaw stems from improper validation of AVRCP data, enabling network-adjacent attackers to read memory and potentially escalate, with exploitation requiring the target to ...

5.7CVSS6.1AI score0.00808EPSS
CVE
CVE
added 2022/10/17 12:0 a.m.89 views

CVE-2022-3563

The CVE-2022-3563 entry affects BlueZ in Linux (BlueZ component; file tools/mgmt-tester.c). The root cause is manipulation of cap_len in read_50_controller_cap_complete, leading to a null pointer dereference. Impact stated as availability loss (NVD score I/A) with no confidentiality/integrity imp...

5.7CVSS4.9AI score0.00409EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.88 views

CVE-2023-51580

CVE-2023-51580 is a BlueZ AVRCP vulnerability described as an out-of-bounds read in the AVRCP parse_attribute_list handling, allowing network-adjacent attackers to disclose sensitive information over Bluetooth when a victim connects to a malicious device. Public details in connected documents con...

5.7CVSS5.1AI score0.00956EPSS
CVE
CVE
added 2016/12/03 6:28 a.m.84 views

CVE-2016-9800

CVE-2016-9800 affects BlueZ 5.42. The overflow occurs in pin_code_reply_dump (tools/parser/hci.c) where the pin array is overflowed due to missing boundary checks on the buffer size from cp parameter (pin_code_reply_cp *cp). This is a buffer overflow risk that could impact Bluetooth-related tooli...

5.3CVSS6.2AI score0.02843EPSS
CVE
CVE
added 2016/12/03 6:28 a.m.82 views

CVE-2016-9804

In BlueZ 5.42, CVE-2016-9804 is a buffer overflow in the commands_dump path of the hcidump tooling. The overflow occurs in tools/parser/csr.c due to lack of boundary checks on the size of the buffer from frm->ptr, overflowing the commands array when processing a corrupted dump file and causing...

5.3CVSS6.2AI score0.02523EPSS
CVE
CVE
added 2016/12/03 6:28 a.m.81 views

CVE-2016-9801

CVE-2016-9801 concerns BlueZ up to version 5.42, where a buffer overflow was observed in the set_ext_ctrl function located in tools/parser/l2cap.c when processing a corrupted dump file. The vulnerability stems from unsafe memory handling in l2cap-related processing, which could impact the availab...

5.3CVSS6.2AI score0.02923EPSS
CVE
CVE
added 2022/10/21 12:0 a.m.79 views

CVE-2022-3637

CVE-2022-3637 : A vulnerability in BlueZ for Linux involves the function jlink_init in monitor/jlink.c, leading to a denial of service. The issue is described as affecting BlueZ within the Linux kernel stack, with the provided description indicating that a patch is available to fix the issue. Exp...

5.5CVSS4.6AI score0.00257EPSS
CVE
CVE
added 2016/12/03 6:28 a.m.72 views

CVE-2016-9803

CVE-2016-9803 concerns BlueZ 5.42 where an out-of-bounds read occurs in le_meta_ev_dump (tools/parser/hci.c). The issue arises because the variable read index, ‘subevent’, overflows the ev_le_meta_str array, causing a read past the intended bounds. The connected documents corroborate this flaw an...

5.3CVSS5.2AI score0.02473EPSS
CVE
CVE
added 2016/12/03 6:28 a.m.50 views

CVE-2016-9799

CVE-2016-9799 is a buffer overflow in BlueZ 5.42, specifically in pklg_read_hci inside btsnoop.c. The vulnerability can be triggered by processing a corrupted dump file and results in a btmon crash. The connected sources (NVD/OSV/CNVD references) confirm the flaw exists in BlueZ 5.42 and describe...

5.3CVSS5.7AI score0.02045EPSS