rpm package
suse/bluez&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-27349 | — | < 5.13-5.39.1 | 5.13-5.39.1 | May 3, 2024 | BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab | ||
| CVE-2022-39177 | Hig | 8.8 | < 5.13-5.36.1 | 5.13-5.36.1 | Sep 2, 2022 | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | |
| CVE-2022-39176 | Hig | 8.8 | < 5.13-5.36.1 | 5.13-5.36.1 | Sep 2, 2022 | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | |
| CVE-2019-8922 | Hig | 8.8 | < 5.13-5.26.1 | 5.13-5.26.1 | Nov 29, 2021 | A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to th | |
| CVE-2019-8921 | Med | 6.5 | < 5.13-5.31.1 | 5.13-5.31.1 | Nov 29, 2021 | An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting | |
| CVE-2021-41229 | — | < 5.13-5.42.2 | 5.13-5.42.2 | Nov 12, 2021 | BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be | ||
| CVE-2020-0556 | — | < 5.13-5.23.1 | 5.13-5.23.1 | Mar 12, 2020 | Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access | ||
| CVE-2019-9853 | — | < 5.13-5.20.6 | 5.13-5.20.6 | Sep 27, 2019 | LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categori | ||
| CVE-2016-9803 | Med | 5.3 | < 5.13-5.31.1 | 5.13-5.31.1 | Dec 3, 2016 | In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed. | |
| CVE-2016-9798 | Med | 5.3 | < 5.13-5.15.3 | 5.13-5.15.3 | Dec 3, 2016 | In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. |
- CVE-2023-27349May 3, 2024affected < 5.13-5.39.1fixed 5.13-5.39.1
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab
- affected < 5.13-5.36.1fixed 5.13-5.36.1
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
- affected < 5.13-5.36.1fixed 5.13-5.36.1
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
- affected < 5.13-5.26.1fixed 5.13-5.26.1
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to th
- affected < 5.13-5.31.1fixed 5.13-5.31.1
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting
- CVE-2021-41229Nov 12, 2021affected < 5.13-5.42.2fixed 5.13-5.42.2
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be
- CVE-2020-0556Mar 12, 2020affected < 5.13-5.23.1fixed 5.13-5.23.1
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
- CVE-2019-9853Sep 27, 2019affected < 5.13-5.20.6fixed 5.13-5.20.6
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categori
- affected < 5.13-5.31.1fixed 5.13-5.31.1
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.
- affected < 5.13-5.15.3fixed 5.13-5.15.3
In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.