CVE-2008-2374

Name of the Vulnerable Software and Affected Versions bluez-libs versions 3.30 through 3.33 bluez-utils versions 3.30 through 3.33 bluez-libs-devel versions 2.10 through 3.33 bluez-utils-cups versions 2.10 through 3.7 bluez-utils versions prior to 3.36

Description The issue is related to the failure to validate string length fields in SDP packets, which can be exploited by remote SDP servers to cause a denial of service or possibly have other unspecified impacts via a crafted length field. This can trigger excessive memory allocation or a buffer over-read. The vulnerability can be exploited remotely and may lead to a disruption of confidentiality, integrity, and availability of protected information.

Recommendations For bluez-libs versions 3.30 through 3.33, update to version 3.34 or later. For bluez-utils versions 3.30 through 3.33, update to version 3.34 or later. For bluez-libs-devel versions 2.10 through 3.33, update to version 3.34 or later. For bluez-utils-cups versions 2.10 through 3.7, update to a version that includes the fix for this issue. For bluez-utils versions prior to 3.36, update to version 3.36 or later.