CVE-2023-51592

CVSS v3.1

5.7

Medium

Vector

AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions BlueZ (affected versions not specified)

Description This issue allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this issue, as the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2024:9413

AZL-40214

AZL-40232

BDU:2025-16169

CVE-2023-51592

INFSA-2024_9413

MGASA-2025-0115

RHSA-2024:9413

RHSA-2024_9413

RLSA-2024:9413

ZDI-23-1905

Affected Products

Almalinux

Bluez

Debian

Red Hat

Red Os

Rocky Linux

CVE-2023-51592

Weakness Enumeration

Related Identifiers

Affected Products

References · 59