Lucene search
AnonymousZDI-23-1900HistoryDec 21, 2023 - 12:00 a.m.
(0Day) BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability
2023-12-2100:00:00
Anonymous
www.zerodayinitiative.com
9
vulnerability
bluez
avrcp
buffer overflow
remote code execution
bluetooth
network-adjacent attack
user interaction
malicious device
validation
stack-based buffer
root context
This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
Related
cvelist
cvelist
nvd
nvd
CVE-2023-44431
2024-05-03 03:15:57
redhatcve
redhatcve
CVE-2023-44431
2024-05-03 21:29:11
cve
cve
CVE-2023-44431
2024-05-03 03:15:57
debiancve
debiancve
CVE-2023-44431
2024-05-03 03:15:57
vulnrichment
vulnrichment
photon
photon
Moderate Photon OS Security Update - PHSA-2024-5.0-0238
2024-04-03 00:00:00
Important Photon OS Security Update - PHSA-2024-3.0-0747
2024-04-08 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0591
2024-04-11 00:00:00