CVE-2019-8922Out-of-bounds Write in Bluez

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources
Severity
8.8HIGHNVD
OSV6.5
EPSS
0.1%
top 82.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
BluezDebian BluezDebian Linux
Timeline
PublishedNov 29
Latest updateApr 16

Description

A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_at

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/bluez< bluez 5.54-1 (bookworm)
Debianbluez/bluez< 5.54-1+3
Ubuntubluez/bluez< 5.37-0ubuntu5.3+esm5
NVDbluez/bluez5.48

Also affects: Debian Linux 10.0

🔴Vulnerability Details

4
VulDB
BlueZ up to 5.48 sdpd-request.c service_attr_req heap-based overflow (Nessus ID 216160)2026-04-16
OSV
bluez vulnerabilities2025-02-12
GHSA
GHSA-r763-g6p5-r323: A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 52021-11-30
OSV
CVE-2019-8922: A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 52021-11-29

📋Vendor Advisories

4
Ubuntu
BlueZ vulnerabilities2025-02-12
Ubuntu
BlueZ vulnerability2021-12-08
Red Hat
bluez: heap-based buffer overflow via crafted request2019-02-25
Debian
CVE-2019-8922: bluez - A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48....2019