CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
82.5%
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and
bluez-utils before 3.34 versions, does not validate string length fields in
SDP packets, which allows remote SDP servers to cause a denial of service
or possibly have unspecified other impact via a crafted length field that
triggers excessive memory allocation or a buffer over-read.
Author | Note |
---|---|
mdeslaur | bluez-utils and bluez-libs only |