rpm package
suse/bluez&distro=SUSE Linux Enterprise Server 12 SP4-LTSS
pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-27349 | — | < 5.13-5.39.1 | 5.13-5.39.1 | May 3, 2024 | BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab | ||
| CVE-2022-39177 | Hig | 8.8 | < 5.13-5.36.1 | 5.13-5.36.1 | Sep 2, 2022 | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | |
| CVE-2022-39176 | Hig | 8.8 | < 5.13-5.36.1 | 5.13-5.36.1 | Sep 2, 2022 | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | |
| CVE-2019-8922 | Hig | 8.8 | < 5.13-5.26.1 | 5.13-5.26.1 | Nov 29, 2021 | A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to th | |
| CVE-2019-8921 | Med | 6.5 | < 5.13-5.31.1 | 5.13-5.31.1 | Nov 29, 2021 | An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting | |
| CVE-2020-0556 | — | < 5.13-5.23.1 | 5.13-5.23.1 | Mar 12, 2020 | Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access | ||
| CVE-2016-9803 | Med | 5.3 | < 5.13-5.31.1 | 5.13-5.31.1 | Dec 3, 2016 | In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed. |
- CVE-2023-27349May 3, 2024affected < 5.13-5.39.1fixed 5.13-5.39.1
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab
- affected < 5.13-5.36.1fixed 5.13-5.36.1
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
- affected < 5.13-5.36.1fixed 5.13-5.36.1
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
- affected < 5.13-5.26.1fixed 5.13-5.26.1
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to th
- affected < 5.13-5.31.1fixed 5.13-5.31.1
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting
- CVE-2020-0556Mar 12, 2020affected < 5.13-5.23.1fixed 5.13-5.23.1
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
- affected < 5.13-5.31.1fixed 5.13-5.31.1
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.