rpm package
suse/bluez&distro=SUSE Enterprise Storage 7
pkg:rpm/suse/bluez&distro=SUSE%20Enterprise%20Storage%207
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-27349 | — | < 5.48-150200.13.25.1 | 5.48-150200.13.25.1 | May 3, 2024 | BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab | ||
| CVE-2022-39177 | Hig | 8.8 | < 5.48-150200.13.22.1 | 5.48-150200.13.22.1 | Sep 2, 2022 | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | |
| CVE-2022-39176 | Hig | 8.8 | < 5.48-150200.13.22.1 | 5.48-150200.13.22.1 | Sep 2, 2022 | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | |
| CVE-2022-0204 | Hig | 8.8 | < 5.48-150200.13.8.1 | 5.48-150200.13.8.1 | Mar 10, 2022 | A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. | |
| CVE-2021-3658 | Med | 6.5 | < 5.48-150200.13.17.1 | 5.48-150200.13.17.1 | Mar 2, 2022 | bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the blue | |
| CVE-2019-8922 | Hig | 8.8 | < 5.48-150200.13.8.1 | 5.48-150200.13.8.1 | Nov 29, 2021 | A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to th | |
| CVE-2019-8921 | Med | 6.5 | < 5.48-150200.13.17.1 | 5.48-150200.13.17.1 | Nov 29, 2021 | An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting | |
| CVE-2021-43400 | — | < 5.48-150200.13.17.1 | 5.48-150200.13.17.1 | Nov 4, 2021 | An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. | ||
| CVE-2021-0129 | — | < 5.48-150200.13.17.1 | 5.48-150200.13.17.1 | Jun 9, 2021 | Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. | ||
| CVE-2020-26558 | — | < 5.48-150200.13.17.1 | 5.48-150200.13.17.1 | May 24, 2021 | Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evide |
- CVE-2023-27349May 3, 2024affected < 5.48-150200.13.25.1fixed 5.48-150200.13.25.1
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab
- affected < 5.48-150200.13.22.1fixed 5.48-150200.13.22.1
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
- affected < 5.48-150200.13.22.1fixed 5.48-150200.13.22.1
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
- affected < 5.48-150200.13.8.1fixed 5.48-150200.13.8.1
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
- affected < 5.48-150200.13.17.1fixed 5.48-150200.13.17.1
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the blue
- affected < 5.48-150200.13.8.1fixed 5.48-150200.13.8.1
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to th
- affected < 5.48-150200.13.17.1fixed 5.48-150200.13.17.1
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting
- CVE-2021-43400Nov 4, 2021affected < 5.48-150200.13.17.1fixed 5.48-150200.13.17.1
An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.
- CVE-2021-0129Jun 9, 2021affected < 5.48-150200.13.17.1fixed 5.48-150200.13.17.1
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
- CVE-2020-26558May 24, 2021affected < 5.48-150200.13.17.1fixed 5.48-150200.13.17.1
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evide