CVE-2017-1000250 — Sensitive Information Exposure in Bluez

CWE-200 — Sensitive Information Exposure CWE-125 — Out-of-bounds Read12 documents9 sources

Severity

6.5MEDIUMNVD

EPSS

34.3%

top 3.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bluez Debian Bluez

Timeline

PublishedSep 12

Latest updateMay 14

Description

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/bluez< bluez 5.46-1 (bookworm)

▶Debianbluez/bluez< 5.46-1+3

▶Ubuntubluez/bluez< 4.101-0ubuntu13.3+1

▶NVDbluez/bluez5.46

🔴Vulnerability Details

GHSA

GHSA-6fxm-r64m-667w: All versions of the SDP server in BlueZ 5↗2022-05-14

▶

OSV

bluez vulnerability↗2017-09-12

▶

OSV

CVE-2017-1000250: All versions of the SDP server in BlueZ 5↗2017-09-12

▶

📋Vendor Advisories

Ubuntu

BlueZ vulnerability↗2017-09-12

▶

Red Hat

bluez: Out-of-bounds heap read in service_search_attr_req function↗2017-09-12

▶

Debian

CVE-2017-1000250: bluez - All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an in...↗2017

▶

🕵️Threat Intelligence

Tenable

Protecting Your Bluetooth Devices from BlueBorne↗2017-09-15

▶

Tenable

Protecting Your Bluetooth Devices from BlueBorne↗2017-09-15

▶

Fortinet

BlueBorne May Affect Billions of Bluetooth Devices↗2017-09-14

▶

💬Community

Bugzilla

CVE-2017-1000250 bluez: Out-of-bounds heap read in service_search_attr_req function [fedora-all]↗2017-09-12

▶

Bugzilla

CVE-2017-1000250 bluez: Out-of-bounds heap read in service_search_attr_req function↗2017-09-07

▶