exploitDog

CVE-2019-9506

Published: 14 Aug 2019
Source: debian
EPSS: Low

Description

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

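Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| linux | fixed | 5.2.6-1 | | package |
| linux | fixed | 4.19.67-1 | buster | package |
| linux | fixed | 4.9.185-1 | stretch | package |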

Notes

  • Hardware issue, but mitigation in Linux kernel can be applied:

  • https://git.kernel.org/linus/d5bb334a8e171b262e48f378bd2096c0ea458265 (5.2-rc1)

  • https://git.kernel.org/linus/693cd8ce3f882524a5d06f7800dd8492411877b3 (5.2-rc6)

  • https://git.kernel.org/linus/eca94432934fe5f141d084f2e36ee2c0e614cc04 (5.2)

EPSS

Percentile: 86%
0.02975
Low

Related vulnerabilities

CVSS3: 8.1
ubuntu
almost 6 years ago

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

CVSS3: 7
redhat
almost 6 years ago

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

CVSS3: 8.1
nvd
almost 6 years ago

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

CVSS3: 9.3
msrc
almost 6 years ago

Encryption Key Negotiation of Bluetooth Vulnerability

CVSS3: 8.1
github
about 3 years ago

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
