Glenn Durfee

**Name of the Vulnerable Software and Affected Versions** bluez-libs versions 3.30 through 3.33 bluez-utils versions 3.30 through 3.33 bluez-libs-devel versions 2.10 through 3.33 bluez-utils-cups versions 2.10 through 3.7 bluez-utils versions prior to 3.36 **Description** The issue is related to the failure to validate string length fields in SDP packets, which can be exploited by remote SDP servers to cause a denial of service or possibly have other unspecified impacts via a crafted length field. This can trigger excessive memory allocation or a buffer over-read. The vulnerability can be exploited remotely and may lead to a disruption of confidentiality, integrity, and availability of protected information. **Recommendations** For bluez-libs versions 3.30 through 3.33, update to version 3.34 or later. For bluez-utils versions 3.30 through 3.33, update to version 3.34 or later. For bluez-libs-devel versions 2.10 through 3.33, update to version 3.34 or later. For bluez-utils-cups versions 2.10 through 3.7, update to a version that includes the fix for this issue. For bluez-utils versions prior to 3.36, update to version 3.36 or later.