ALT-PU-2020-3349-1
Closed vulnerabilities
Published: 2020-07-17
BDU:2021-03430
Vulnerability in the gatttool disconnect_cb() routine of the shared/att.c component of BlueZ, the Bluetooth stack for Linux, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Severity: HIGH (8.6)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
References:
Published: 2020-10-15
Modified: 2024-11-21
CVE-2020-27153
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
Severity: HIGH (8.6)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
References:
- openSUSE-SU-2020:1876
- openSUSE-SU-2020:1880
- https://bugzilla.redhat.com/show_bug.cgi?id=1884817
- https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
- https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07
- [debian-lts-announce] 20201021 [SECURITY] [DLA 2410-1] bluez security update
- GLSA-202011-01
- DSA-4951
Closed bugs
Build the latest version