PT-2021-4915 · Bluez+5 · Bluez+5

Zxtwonder

Published

2021-06-09

Updated

2024-06-15

CVE-2021-3588

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions BlueZ (affected versions not specified)

Description The issue is related to the cli feat read cb() function in the src/gatt-database.c file of the Bluetooth protocol stack for Linux. It does not perform bounds checks on the offset variable before using it as an index into an array for reading. This can lead to a buffer overflow, allowing an attacker to disclose protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Access of Memory Location After End of Buffer

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-788CWE-125

Related Identifiers

ALT-PU-2021-1984

AZL-7183

BDU:2021-05651

CVE-2021-3588

MGASA-2021-0281

OESA-2021-1254

OPENSUSE-SU-2021:2459-1

OPENSUSE-SU-2021_2459-1

OPENSUSE-SU-2024:12446-1

SUSE-SU-2021:2459-1

SUSE-SU-2021_2459-1

USN-4989-1

Affected Products

Alt Linux

Astra Linux

Bluez

Linuxmint

Suse

Ubuntu

PT-2021-4915 · Bluez+5 · Bluez+5

CVE-2021-3588

Weakness Enumeration

Related Identifiers

Affected Products

References · 37