CVE-2020-0556 — Uncontrolled Resource Consumption in Bluez
Severity
7.1 HIGH (NVD)
NVD 6.3 | OSV 7.8
EPSS
0.2%
top 62.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 12
Latest update: Dec 12
Description
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access.
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.7
Affected Packages: 9 packages
Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 38, 39, Ubuntu Linux 16.04, 18.04, 19.10, 20.04, 22.04, 23.10
Patches
🔴 Vulnerability Details (7)
OSV
CVE-2023-45866: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HI (2023-12-08)
CVEList
CVE-2023-45866: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HI (2023-12-08)
GHSA
GHSA-qjcj-xg77-6c32: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HI (2023-12-08)
📋 Vendor Advisories (6)
Microsoft
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection and accept HID keyboard reports potentially permitting injection (2023-12-12)
Red Hat
bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution (2023-12-07)
Debian
CVE-2023-45866: bluez - Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID D... (2023)