Action not permitted
Modal body text goes here.
Modal Title
Modal Body
alsa-2024:9413
Vulnerability from osv_almalinux
Published
2024-11-12 00:00
Modified
2024-11-18 11:48
Summary
Moderate: bluez security update
Details
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (AlmaLinux), and pcmcia configuration files.
Security Fix(es):
- bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution (CVE-2023-45866)
- BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability (CVE-2023-27349)
- bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-51596)
- bluez: OBEX library out-of-bounds read information disclosure vulnerability (CVE-2023-51594)
- bluez: audio profile avrcp parse_media_folder out-of-bounds read information disclosure vulnerability (CVE-2023-51592)
- bluez: audio profile avrcp parse_media_element out-of-bounds read information disclosure vulnerability (CVE-2023-51589)
- bluez: avrcp_parse_attribute_list out-of-bounds read information disclosure vulnerability (CVE-2023-51580)
- bluez: AVRCP stack-based buffer overflow remote code execution vulnerability (CVE-2023-44431)
- bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-50230)
- bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-50229)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bluez"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.72-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bluez-cups"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.72-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bluez-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.72-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bluez-libs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.72-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bluez-obexd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.72-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (AlmaLinux), and pcmcia configuration files. \n\nSecurity Fix(es): \n\n * bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution (CVE-2023-45866)\n * BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability (CVE-2023-27349)\n * bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-51596)\n * bluez: OBEX library out-of-bounds read information disclosure vulnerability (CVE-2023-51594)\n * bluez: audio profile avrcp parse_media_folder out-of-bounds read information disclosure vulnerability (CVE-2023-51592)\n * bluez: audio profile avrcp parse_media_element out-of-bounds read information disclosure vulnerability (CVE-2023-51589)\n * bluez: avrcp_parse_attribute_list out-of-bounds read information disclosure vulnerability (CVE-2023-51580)\n * bluez: AVRCP stack-based buffer overflow remote code execution vulnerability (CVE-2023-44431)\n * bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-50230)\n * bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-50229)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\nAdditional Changes: \n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.\n",
"id": "ALSA-2024:9413",
"modified": "2024-11-18T11:48:04Z",
"published": "2024-11-12T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:9413"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-27349"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-44431"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-45866"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-50229"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-50230"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-51580"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-51589"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-51592"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-51594"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-51596"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2253391"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278787"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278945"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278955"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278962"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278965"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278967"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278969"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278972"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278974"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-9413.html"
}
],
"related": [
"CVE-2023-45866",
"CVE-2023-27349",
"CVE-2023-51596",
"CVE-2023-51594",
"CVE-2023-51592",
"CVE-2023-51589",
"CVE-2023-51580",
"CVE-2023-44431",
"CVE-2023-50230",
"CVE-2023-50229"
],
"summary": "Moderate: bluez security update"
}
CVE-2023-51596 (GCVE-0-2023-51596)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:15 – Updated: 2024-08-02 22:40
VLAI?
EPSS
Title
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939.
Severity ?
7.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2023-12-22 00:05
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bluez:bluez:5.66:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bluez",
"vendor": "bluez",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T19:27:08.405069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:29.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1902",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1902/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "BlueZ",
"vendor": "BlueZ",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"dateAssigned": "2023-12-20T20:45:49.405Z",
"datePublic": "2023-12-22T00:05:05.106Z",
"descriptions": [
{
"lang": "en",
"value": "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:15:24.617Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1902",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1902/"
}
],
"source": {
"lang": "en",
"value": "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative"
},
"title": "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-51596",
"datePublished": "2024-05-03T02:15:24.617Z",
"dateReserved": "2023-12-20T20:38:20.871Z",
"dateUpdated": "2024-08-02T22:40:33.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45866 (GCVE-0-2023-45866)
Vulnerability from cvelistv5 – Published: 2023-12-08 00:00 – Updated: 2025-11-04 19:25
VLAI?
EPSS
Summary
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:25:32.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bluetooth.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"name": "FEDORA-2023-6a3fe615d3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"name": "FEDORA-2023-26a02512e1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214035"
},
{
"name": "20231212 APPLE-SA-12-11-2023-4 macOS Sonoma 14.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"name": "20231212 APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"name": "[debian-lts-announce] 20231215 [SECURITY] [DLA 3689-1] bluez security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"name": "DSA-5584",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"name": "GLSA-202401-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-03"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T13:06:14.377Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bluetooth.com"
},
{
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"name": "FEDORA-2023-6a3fe615d3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"name": "FEDORA-2023-26a02512e1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"url": "https://support.apple.com/kb/HT214036"
},
{
"url": "https://support.apple.com/kb/HT214035"
},
{
"name": "20231212 APPLE-SA-12-11-2023-4 macOS Sonoma 14.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"name": "20231212 APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"name": "[debian-lts-announce] 20231215 [SECURITY] [DLA 3689-1] bluez security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"name": "DSA-5584",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"name": "GLSA-202401-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-03"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45866",
"datePublished": "2023-12-08T00:00:00.000Z",
"dateReserved": "2023-10-14T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:25:32.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-51589 (GCVE-0-2023-51589)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:15 – Updated: 2024-08-02 22:40
VLAI?
EPSS
Title
BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20853.
Severity ?
5.4 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2023-12-22 00:05
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bluez:bluez:5.66:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bluez",
"vendor": "bluez",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:26:53.760124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:38:14.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1904",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1904/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "BlueZ",
"vendor": "BlueZ",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"dateAssigned": "2023-12-20T20:45:49.357Z",
"datePublic": "2023-12-22T00:05:15.297Z",
"descriptions": [
{
"lang": "en",
"value": "BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20853."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:15:19.369Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1904",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1904/"
}
],
"source": {
"lang": "en",
"value": "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative"
},
"title": "BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-51589",
"datePublished": "2024-05-03T02:15:19.369Z",
"dateReserved": "2023-12-20T20:38:20.870Z",
"dateUpdated": "2024-08-02T22:40:33.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51594 (GCVE-0-2023-51594)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:15 – Updated: 2024-08-02 22:40
VLAI?
EPSS
Title
BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20937.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2023-12-22 00:05
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bluez:bluez:5.66:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bluez",
"vendor": "bluez",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T18:45:09.759899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:40.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1901",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1901/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "BlueZ",
"vendor": "BlueZ",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"dateAssigned": "2023-12-20T20:45:49.391Z",
"datePublic": "2023-12-22T00:05:00.340Z",
"descriptions": [
{
"lang": "en",
"value": "BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20937."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:15:23.058Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1901",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1901/"
}
],
"source": {
"lang": "en",
"value": "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative"
},
"title": "BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-51594",
"datePublished": "2024-05-03T02:15:23.058Z",
"dateReserved": "2023-12-20T20:38:20.870Z",
"dateUpdated": "2024-08-02T22:40:33.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44431 (GCVE-0-2023-44431)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:13 – Updated: 2024-08-02 20:07
VLAI?
EPSS
Title
BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability
Summary
BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19909.
Severity ?
7.1 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2023-12-22 00:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bluez:bluez:5.66:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bluez",
"vendor": "bluez",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T20:42:18.336421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:31.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1900",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1900/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "BlueZ",
"vendor": "BlueZ",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"dateAssigned": "2023-09-28T18:14:48.263Z",
"datePublic": "2023-12-22T00:04:52.763Z",
"descriptions": [
{
"lang": "en",
"value": "BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19909."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:13:57.617Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1900",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1900/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-44431",
"datePublished": "2024-05-03T02:13:57.617Z",
"dateReserved": "2023-09-28T18:02:49.772Z",
"dateUpdated": "2024-08-02T20:07:33.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51592 (GCVE-0-2023-51592)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:15 – Updated: 2024-08-02 22:40
VLAI?
EPSS
Title
BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20854.
Severity ?
5.4 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2023-12-22 00:05
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bluez:bluez:5.66:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bluez",
"vendor": "bluez",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:28:42.752592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T14:57:56.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1905",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1905/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "BlueZ",
"vendor": "BlueZ",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"dateAssigned": "2023-12-20T20:45:49.377Z",
"datePublic": "2023-12-22T00:05:20.533Z",
"descriptions": [
{
"lang": "en",
"value": "BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20854."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:15:21.536Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1905",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1905/"
}
],
"source": {
"lang": "en",
"value": "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative"
},
"title": "BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-51592",
"datePublished": "2024-05-03T02:15:21.536Z",
"dateReserved": "2023-12-20T20:38:20.870Z",
"dateUpdated": "2024-08-02T22:40:33.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51580 (GCVE-0-2023-51580)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:15 – Updated: 2024-08-02 22:40
VLAI?
EPSS
Title
BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20852.
Severity ?
5.4 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2023-12-22 00:05
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bluez:bluez:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bluez",
"vendor": "bluez",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T16:03:03.098816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:30.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1903",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1903/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "BlueZ",
"vendor": "BlueZ",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"dateAssigned": "2023-12-20T20:45:49.294Z",
"datePublic": "2023-12-22T00:05:10.180Z",
"descriptions": [
{
"lang": "en",
"value": "BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20852."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:15:12.492Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1903",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1903/"
}
],
"source": {
"lang": "en",
"value": "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative"
},
"title": "BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-51580",
"datePublished": "2024-05-03T02:15:12.492Z",
"dateReserved": "2023-12-20T20:38:20.868Z",
"dateUpdated": "2024-08-02T22:40:33.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50229 (GCVE-0-2023-50229)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2025-11-04 16:10
VLAI?
EPSS
Title
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20936.
Severity ?
7.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2023-12-20 09:54
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bluez:bluez:5.66:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bluez",
"vendor": "bluez",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:55:35.245262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:57:12.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:45.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1811",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1811/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "BlueZ",
"vendor": "BlueZ",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"dateAssigned": "2023-12-05T19:37:59.726Z",
"datePublic": "2023-12-20T09:54:59.369Z",
"descriptions": [
{
"lang": "en",
"value": "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20936."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:46.646Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1811",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1811/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443"
}
],
"source": {
"lang": "en",
"value": "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative"
},
"title": "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50229",
"datePublished": "2024-05-03T02:14:46.646Z",
"dateReserved": "2023-12-05T16:15:17.545Z",
"dateUpdated": "2025-11-04T16:10:45.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-50230 (GCVE-0-2023-50230)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2025-11-04 16:10
VLAI?
EPSS
Title
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938.
Severity ?
7.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2023-12-20 09:55
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bluez:bluez:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bluez",
"vendor": "bluez",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T20:56:16.702257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:41.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:46.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1812",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1812/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "BlueZ",
"vendor": "BlueZ",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"dateAssigned": "2023-12-05T19:37:59.732Z",
"datePublic": "2023-12-20T09:55:28.806Z",
"descriptions": [
{
"lang": "en",
"value": "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:47.428Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1812",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1812/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443"
}
],
"source": {
"lang": "en",
"value": "Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative"
},
"title": "BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50230",
"datePublished": "2024-05-03T02:14:47.428Z",
"dateReserved": "2023-12-05T16:15:17.545Z",
"dateUpdated": "2025-11-04T16:10:46.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-27349 (GCVE-0-2023-27349)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2025-11-04 16:10
VLAI?
EPSS
Title
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability
Summary
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.
The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908.
Severity ?
7.1 (High)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2023-04-12 15:01
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bluez:bluez:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bluez",
"vendor": "bluez",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T03:55:12.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:00.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-386",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-386/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00015.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "BlueZ",
"vendor": "BlueZ",
"versions": [
{
"status": "affected",
"version": "5.66"
}
]
}
],
"dateAssigned": "2023-02-28T18:05:54.030Z",
"datePublic": "2023-04-12T15:01:03.453Z",
"descriptions": [
{
"lang": "en",
"value": "BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129: Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:12:55.458Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-386",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-386/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00015.html"
}
],
"source": {
"lang": "en",
"value": "Michael Randrianantenaina (https://elkamika.blogspot.com/)"
},
"title": "BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-27349",
"datePublished": "2024-05-03T01:56:08.230Z",
"dateReserved": "2023-02-28T17:58:45.480Z",
"dateUpdated": "2025-11-04T16:10:00.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…