Все бюллетени/sisyphus/ALT-PU-2018-3709-1
ALT-PU-2018-3709-1

Обновление пакета bluez в ветке sisyphus

Версия5.49-alt1
Задание#203406
Опубликовано2018-04-02
Макс. серьёзностьHIGH
Серьёзность:

Закрытые проблемы (4)

BDU:2021-05954
HIGH8.8

Уязвимость функций service_attr_req и process_request (sdpd-request.c) стека протоколов Bluetooth для ОС Linux BlueZ, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Опубликовано: 2021-12-09Изменено: 2023-11-21
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 8.3
CVSS:2.0/AV:A/AC:L/Au:N/C:C/I:C/A:C
Ссылки
BDU:2021-06165
MEDIUM6.5

Уязвимость реализации службы SDP стека протоколов Bluetooth для ОС Linux BlueZ, позволяющая нарушителю раскрыть защищаемую информацию

Опубликовано: 2021-12-17Изменено: 2023-11-21
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.0СРЕДНЯЯ 6.1
CVSS:2.0/AV:A/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2019-8921
MEDIUM6.5

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.

Опубликовано: 2021-11-29Изменено: 2026-04-15
CVSS 2.0НИЗКАЯ 3.3
CVSS:2.0/AV:A/AC:L/Au:N/C:P/I:N/A:N
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Ссылки
CVE-2019-8922
HIGH8.8

A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer.

Опубликовано: 2021-11-29Изменено: 2026-04-15
CVSS 2.0СРЕДНЯЯ 5.8
CVSS:2.0/AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ссылки