PT-2019-6134 · Bluez+2 · Bluez+2

Julian Rauchberger

Publicado

2019-02-25

Atualizado

2025-02-12

CVE-2019-8922

CVSS v3.1

8.8

Alta

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BlueZ versions through 5.48

Description A heap-based buffer overflow was discovered in the bluetoothd component of BlueZ. The issue is caused by the lack of size checks when appending data to the output buffer in the service attr req function, which is called by process request in sdpd-request.c. This allows a remote attacker to craft a request that can overflow the preallocated buffer, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations For BlueZ versions through 5.48, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

BDU:2021-05954

CVE-2019-8922

DLA-2827-1

DLA-3157-1

SUSE-SU-2022:2864-1

SUSE-SU-2022:2900-1

SUSE-SU-2022:2948-1

SUSE-SU-2022:3687-1

SUSE-SU-2022:3691-1

SUSE-SU-2022_2864-1

SUSE-SU-2022_2900-1

SUSE-SU-2022_2948-1

USN-5183-1

USN-7265-1

Produtos afetados

Bluez

Suse

Ubuntu

PT-2019-6134 · Bluez+2 · Bluez+2

CVE-2019-8922

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 47