CVE-2023-27349Improper Validation of Array Index in Bluez

CWE-129Improper Validation of Array Index10 documents8 sources
Severity
8.0HIGHNVD
OSV5.7
EPSS
3.0%
top 13.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
BluezDebian Bluez
Timeline
PublishedMay 3
Latest updateJul 16

Description

BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can resu

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages4 packages

debiandebian/bluez< bluez 5.66-1+deb12u2 (bookworm)
Debianbluez/bluez< 5.55-3.1+deb11u2+3
Ubuntubluez/bluez< 5.53-0ubuntu3.8+3
NVDbluez/bluez5.66

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
OSV
bluez vulnerabilities2024-06-05
OSV
CVE-2023-27349: BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability2024-05-03
GHSA
GHSA-r3vg-5hjq-528v: BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability2024-05-03

📋Vendor Advisories

4
Oracle
Oracle Oracle Communications Risk Matrix: Platform Security (BlueZ) — CVE-2023-273492025-07-15
Ubuntu
BlueZ vulnerabilities2024-06-05
Red Hat
BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability2024-05-03
Debian
CVE-2023-27349: bluez - BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Executi...2023

🕵️Threat Intelligence

2
Qualys
Oracle Critical Patch Update, July 2025 Security Update Review2025-07-16
Qualys
Oracle Critical Patch Update, July 2025 Security Update Review | Qualys2025-07-16