Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-8921

Опубликовано: 29 нояб. 2021
Источник: nvd
CVSS3: 6.5
CVSS2: 3.3
EPSS Низкий

Описание

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*
Версия до 5.48 (включая)
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 9%
0.00032
Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-345

Связанные уязвимости

ubuntu логотип

CVE-2019-8921

CVSS3: 6.5
ubuntu
около 4 лет назад

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.

redhat логотип

CVE-2019-8921

CVSS3: 6.5
redhat
почти 7 лет назад

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.

debian логотип

CVE-2019-8921

CVSS3: 6.5
debian
около 4 лет назад

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulne ...

github логотип

GHSA-69h8-fh92-ch8q

CVSS3: 6.5
github
около 4 лет назад

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.

fstec логотип

BDU:2021-06165

CVSS3: 6.5
fstec
почти 7 лет назад

Уязвимость реализации службы SDP стека протоколов Bluetooth для ОС Linux BlueZ, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 9%
0.00032
Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-345