rpm package
suse/bluez&distro=SUSE Linux Enterprise Workstation Extension 15 SP4
pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-27349 | — | | | < 5.62-150400.4.13.1 | 5.62-150400.4.13.1 | May 3, 2024 | BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab |
| CVE-2022-3563 | — | | | < 5.62-150400.4.8.1 | 5.62-150400.4.8.1 | Oct 17, 2022 | A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended |
| CVE-2022-0204 | Hig | 8.8 | | < 5.62-150400.4.5.1 | 5.62-150400.4.5.1 | Mar 10, 2022 | A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. |
| CVE-2021-41229 | — | | | < 5.62-150400.4.16.1 | 5.62-150400.4.16.1 | Nov 12, 2021 | BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be |