CVE-2023-51594

CVSS v3.1

5.7

Medium

Vector

AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions BlueZ (affected versions not specified)

Description This issue allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this issue, as the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other issues to execute arbitrary code in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2024:9413

BDU:2025-16170

CVE-2023-51594

INFSA-2024_9413

MGASA-2025-0115

RHSA-2024:9413

RHSA-2024_9413

RLSA-2024:9413

ZDI-23-1901

Affected Products

Almalinux

Bluez

Debian

Red Hat

Red Os

Rocky Linux

CVE-2023-51594

Weakness Enumeration

Related Identifiers

Affected Products

References · 57