CVE-2024-43763Uncontrolled Resource Consumption in Packages Modules Bluetooth

CWE-400Uncontrolled Resource ConsumptionCWE-203Observable DiscrepancyCWE-918Server-Side Request Forgery6 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 66.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Platform Packages Modules BluetoothPlatform System BTGoogle Android
Timeline
PublishedJan 21
Latest updateSep 9

Description

In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

Androidplatform/system_bt12:012:2025-01-01+1
Androidplatform/packages_modules_bluetooth15-next:015-next:2025-01-01+3
CVEListV5google/android5 versions+4
NVDgoogle/android5 versions+4

🔴Vulnerability Details

4
GHSA
Liferay Portal is vulnerable to SSRF through custom object attachment fields2025-09-09
GHSA
GHSA-5rjv-47jf-7h66: In build_read_multi_rsp of gatt_sr2025-01-22
CVEList
CVE-2024-43763: In build_read_multi_rsp of gatt_sr2025-01-21
OSV
CVE-2024-43763: In build_read_multi_rsp of gatt_sr2025-01-01

📋Vendor Advisories

1
Android
CVE-2024-43763: Android Security Bulletin 2025-01-01 CVE: CVE-2024-43763 Severity: HIGH Type: DoS Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-3568862092025-01-01
CVE-2024-43763 — Uncontrolled Resource Consumption | cvebase