PT-2021-7064 · Bluez+5

Published: 2021-06-08 · Updated: 2025-11-04 · CVE-2021-43400

CVSS v2.0: 9.4 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions: BlueZ version 5.61

Description: A use-after-free issue can occur in the gatt-database.c file when a client disconnects during D-Bus processing of a WriteValue call, potentially allowing a remote attacker to access confidential information.

Recommendations: For BlueZ version 5.61, consider disabling the WriteValue call processing until a patch is available to prevent exploitation of the use-after-free issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3193
BDU:2022-03135
CVE-2021-43400
DLA-3157-1
DLA-3879-1
MGASA-2021-0532
OESA-2022-1527
OESA-2022-2047
OPENSUSE-SU-2022_3981-1
SUSE-SU-2022:3687-1
SUSE-SU-2022:3691-1
SUSE-SU-2022:3981-1
USN-5155-1

Affected Products

Alt Linux
Astra Linux
Bluez
Linuxmint
Suse
Ubuntu