CVE-2005-2547 — Project Bluez vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 21.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bluez Project Bluez

Timeline

PublishedAug 12

Latest updateMay 1

Description

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDbluez_project/bluez2.18

Patches

Patch: cvs.sourceforge.net ↗Patch: sourceforge.net ↗Patch: bugs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-35vq-2ggj-6fwg: security↗2022-05-01

▶

📋Vendor Advisories

Red Hat

CVE-2005-2547: security↗

▶

💬Community

Bugzilla

[CAN-2005-2547] Remote attackers can execute arbitrary commands with crafted Bluetooth device name↗2005-08-25

▶