rpm package
suse/bluez&distro=SUSE Manager Proxy 4.2
pkg:rpm/suse/bluez&distro=SUSE%20Manager%20Proxy%204.2
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-27349 | — | | | < 5.55-150300.3.22.1 | 5.55-150300.3.22.1 | May 3, 2024 | BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab |
| CVE-2022-39177 | High | 8.8 | | < 5.55-150300.3.19.1 | 5.55-150300.3.19.1 | Sep 2, 2022 | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. |
| CVE-2022-39176 | High | 8.8 | | < 5.55-150300.3.19.1 | 5.55-150300.3.19.1 | Sep 2, 2022 | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. |
| CVE-2021-41229 | — | | | < 5.55-150300.3.25.1 | 5.55-150300.3.25.1 | Nov 12, 2021 | BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be |