rpm package

suse/bluez&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4

pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Vulnerabilities (15)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-27349		—	< 5.13-5.39.1	5.13-5.39.1	May 3, 2024	BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab
CVE-2022-39177	Hig	8.8	< 5.13-5.36.1	5.13-5.36.1	Sep 2, 2022	BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
CVE-2022-39176	Hig	8.8	< 5.13-5.36.1	5.13-5.36.1	Sep 2, 2022	BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
CVE-2019-8922	Hig	8.8	< 5.13-5.26.1	5.13-5.26.1	Nov 29, 2021	A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to th
CVE-2019-8921	Med	6.5	< 5.13-5.31.1	5.13-5.31.1	Nov 29, 2021	An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting
CVE-2020-0556		—	< 5.13-5.23.1	5.13-5.23.1	Mar 12, 2020	Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
CVE-2019-9853		—	< 5.13-5.20.6	5.13-5.20.6	Sep 27, 2019	LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categori
CVE-2016-9918	Hig	7.5	< 5.13-5.12.1	5.13-5.12.1	Dec 8, 2016	In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
CVE-2016-9917	Hig	7.5	< 5.13-5.12.1	5.13-5.12.1	Dec 8, 2016	In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
CVE-2016-9803	Med	5.3	< 5.13-5.31.1	5.13-5.31.1	Dec 3, 2016	In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.
CVE-2016-9802	Med	5.3	< 5.13-5.12.1	5.13-5.12.1	Dec 3, 2016	In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
CVE-2016-9801	Med	5.3	< 5.13-5.7.1	5.13-5.7.1	Dec 3, 2016	In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.
CVE-2016-9800	Med	5.3	< 5.13-5.7.1	5.13-5.7.1	Dec 3, 2016	In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" pa
CVE-2016-9798	Med	5.3	< 5.13-5.12.1	5.13-5.12.1	Dec 3, 2016	In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
CVE-2016-9797	Med	5.3	< 5.13-5.12.1	5.13-5.12.1	Dec 3, 2016	In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

CVE-2023-27349May 3, 2024
affected < 5.13-5.39.1fixed 5.13-5.39.1
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab
CVE-2022-39177HigSep 2, 2022
affected < 5.13-5.36.1fixed 5.13-5.36.1
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
CVE-2022-39176HigSep 2, 2022
affected < 5.13-5.36.1fixed 5.13-5.36.1
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
CVE-2019-8922HigNov 29, 2021
affected < 5.13-5.26.1fixed 5.13-5.26.1
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to th
CVE-2019-8921MedNov 29, 2021
affected < 5.13-5.31.1fixed 5.13-5.31.1
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting
CVE-2020-0556Mar 12, 2020
affected < 5.13-5.23.1fixed 5.13-5.23.1
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
CVE-2019-9853Sep 27, 2019
affected < 5.13-5.20.6fixed 5.13-5.20.6
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categori
CVE-2016-9918HigDec 8, 2016
affected < 5.13-5.12.1fixed 5.13-5.12.1
In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
CVE-2016-9917HigDec 8, 2016
affected < 5.13-5.12.1fixed 5.13-5.12.1
In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
CVE-2016-9803MedDec 3, 2016
affected < 5.13-5.31.1fixed 5.13-5.31.1
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.
CVE-2016-9802MedDec 3, 2016
affected < 5.13-5.12.1fixed 5.13-5.12.1
In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
CVE-2016-9801MedDec 3, 2016
affected < 5.13-5.7.1fixed 5.13-5.7.1
In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.
CVE-2016-9800MedDec 3, 2016
affected < 5.13-5.7.1fixed 5.13-5.7.1
In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" pa
CVE-2016-9798MedDec 3, 2016
affected < 5.13-5.12.1fixed 5.13-5.12.1
In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
CVE-2016-9797MedDec 3, 2016
affected < 5.13-5.12.1fixed 5.13-5.12.1
In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.