ALT-PU-2020-3310-1
Closed vulnerabilities
Published: 2020-07-17
BDU:2021-03430
Vulnerability in the gatttool disconnect_cb() routine of the shared/att.c component of the BlueZ Bluetooth stack for Linux, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Severity: HIGH (8.6)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Severity: CRITICAL (9.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
References:
Published: 2020-10-15
Modified: 2024-11-21
CVE-2020-27153
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: HIGH (8.6)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
References:
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1884817
- https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
- https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07
- https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html
- https://security.gentoo.org/glsa/202011-01
- https://www.debian.org/security/2021/dsa-4951
Closed bugs
Build the latest version