CVE-2023-51580 — Out-of-bounds Read in Bluez

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

5.7MEDIUMNVD

EPSS

0.0%

top 86.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bluez Debian Bluez

Timeline

PublishedMay 3

Description

BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied …

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

▶NVDbluez/bluez5.66

▶debiandebian/bluez

🔴Vulnerability Details

OSV

CVE-2023-51580: BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability↗2024-05-03

▶

GHSA

GHSA-wpgw-gr5r-5jqv: BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability↗2024-05-03

▶

📋Vendor Advisories

Red Hat

bluez: avrcp_parse_attribute_list out-of-bounds read information disclosure vulnerability↗2024-05-03

▶

Debian

CVE-2023-51580: bluez - BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Informat...↗2023

▶