CVE-2019-8922

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BlueZ versions through 5.48

Description A heap-based buffer overflow was discovered in the bluetoothd component of BlueZ. The issue is caused by the lack of size checks when appending data to the output buffer in the service attr req function, which is called by process request in sdpd-request.c. This allows a remote attacker to craft a request that can overflow the preallocated buffer, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations For BlueZ versions through 5.48, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2021-05954

CVE-2019-8922

DLA-2827-1

DLA-3157-1

SUSE-SU-2022:2864-1

SUSE-SU-2022:2900-1

SUSE-SU-2022:2948-1

SUSE-SU-2022:3687-1

SUSE-SU-2022:3691-1

SUSE-SU-2022_2864-1

SUSE-SU-2022_2900-1

SUSE-SU-2022_2948-1

USN-5183-1

USN-7265-1

Affected Products

Bluez

Suse

Ubuntu

CVE-2019-8922

Weakness Enumeration

Related Identifiers

Affected Products

References · 47