VYPR
Critical severity9.8NVD Advisory· Published Jul 7, 2008· Updated Jun 16, 2026

CVE-2008-2374

CVE-2008-2374

Description

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Bluez/Bluez2 versions
    cpe:2.3:a:bluez:bluez-libs:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:bluez:bluez-libs:*:*:*:*:*:*:*:*range: <3.34
    • (no CPE)range: <3.34
  • Bluez/Bluez Utils2 versions
    cpe:2.3:a:bluez:bluez-utils:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:bluez:bluez-utils:*:*:*:*:*:*:*:*range: <3.34
    • (no CPE)range: <3.34
  • cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.