Package bluez updated to version 5.58-alt2 for branch sisyphus in task 274357.

Published: 2021-06-09

BDU:2021-05651

Уязвимость функции cli_feat_read_cb () стека протоколов Bluetooth для ОС Linux BlueZ, позволяющая нарушителю раскрыть защищаемую информацию

Severity: LOW (3.3) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

CVE-2021-3588

Published: 2021-06-10
Modified: 2024-11-21

CVE-2021-3588

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.

Severity: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

https://github.com/bluez/bluez/issues/70
https://github.com/bluez/bluez/issues/70
GLSA-202209-16
GLSA-202209-16

Version: 2.1.0

Package bluez update in sisyphus on 2021-06-11

ALT-PU-2021-1984-1

Closed vulnerabilities

BDU:2021-05651

CVE-2021-3588