Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-2374

Опубликовано: 07 июл. 2008
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bluez:bluez-libs:*:*:*:*:*:*:*:*
Версия до 3.34 (исключая)
cpe:2.3:a:bluez:bluez-utils:*:*:*:*:*:*:*:*
Версия до 3.34 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

EPSS

Процентиль: 90%
0.06044
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1284
CWE-1284

Связанные уязвимости

ubuntu логотип

CVE-2008-2374

CVSS3: 9.8
ubuntu
почти 17 лет назад

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

redhat логотип

CVE-2008-2374

redhat
около 17 лет назад

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

debian логотип

CVE-2008-2374

CVSS3: 9.8
debian
почти 17 лет назад

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.3 ...

github логотип

GHSA-278x-6vg6-6g42

CVSS3: 9.8
github
около 3 лет назад

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

oracle-oval логотип

ELSA-2008-0581

oracle-oval
почти 17 лет назад

ELSA-2008-0581: bluez-libs and bluez-utils security update (MODERATE)

EPSS

Процентиль: 90%
0.06044
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1284
CWE-1284