CVE-2024-34727 — Classic Buffer Overflow in Packages Modules Bluetooth

CWE-120 — Classic Buffer Overflow5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 38.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Packages Modules Bluetooth Google Android

Timeline

PublishedAug 15

Latest updateAug 16

Description

In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Androidplatform/packages_modules_bluetooth14-next:0 — 14-next:2024-08-01+2

▶CVEListV5google/android4 versions+3

▶NVDgoogle/android4 versions+3

🔴Vulnerability Details

GHSA

GHSA-h3r8-2pw7-fhc3: In sdpu_compare_uuid_with_attr of sdp_utils↗2024-08-16

▶

CVEList

CVE-2024-34727: In sdpu_compare_uuid_with_attr of sdp_utils↗2024-08-15

▶

OSV

CVE-2024-34727: In sdpu_compare_uuid_with_attr of sdp_utils↗2024-08-01

▶

📋Vendor Advisories

Android

CVE-2024-34727: Android Security Bulletin 2024-08-01 CVE: CVE-2024-34727 Severity: HIGH Type: ID Affected AOSP versions: 12, 12L, 13, 14 References: A-287184435↗2024-08-01

▶