Lucene search
Lucas Leong (@_wmliang_) of Trend Micro Zero Day InitiativeZDI-23-1902HistoryDec 21, 2023 - 12:00 a.m.
(0Day) BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability
2023-12-2100:00:00
Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
12
network-adjacent
arbitrary code execution
bluetooth device
validation flaw
heap-based buffer
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
Related
nvd
nvd
CVE-2023-51596
2024-05-03 03:16:20
cve
cve
CVE-2023-51596
2024-05-03 03:16:20
redhatcve
redhatcve
CVE-2023-51596
2024-05-03 21:30:03
alpinelinux
alpinelinux
CVE-2023-51596
2024-05-03 03:16:20
cvelist
cvelist
debiancve
debiancve
CVE-2023-51596
2024-05-03 03:16:20
vulnrichment
vulnrichment
nessus
nessus
Photon OS 3.0: Bluez PHSA-2024-3.0-0747
2024-07-24 00:00:00
Photon OS 4.0: Bluez PHSA-2024-4.0-0591
2024-07-23 00:00:00
Photon OS 5.0: Bluez PHSA-2024-5.0-0238
2024-07-23 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-5.0-0238
2024-04-03 00:00:00
Important Photon OS Security Update - PHSA-2024-3.0-0747
2024-04-08 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0591
2024-04-11 00:00:00