cbcvebase.

Opensynergy Blue Sdk vulnerabilities

5 known vulnerabilities affecting opensynergy/blue_sdk.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2024-45434P2CRITICALCVSS 9.8≤ 6.0.12025-09-12
CVE-2024-45434 [CRITICAL] CWE-416 CVE-2024-45434: OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the existence of an object before performing operations on the object (aka use after free). An attacker can leverage this to achieve remote code execution in the context of
nvd
CVE-2018-20378P3HIGHCVSS 7.5≥ 3.2, ≤ 5.5.3≥ 6.0, < 6.0.12019-03-29
CVE-2018-20378 [HIGH] CWE-20 CVE-2018-20378: The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker
nvd
CVE-2024-45432P3HIGHCVSS 7.5≤ 6.0.12025-09-12
CVE-2024-45432 [HIGH] CWE-284 CVE-2024-45432: OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function call. The specific flaw exists OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function call. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from an incorrect variable used as a function argument. An attacker can leverage this to cause unexpected behavior or obtain sensitive information.
nvd
CVE-2024-45433P3MEDIUMCVSS 6.5≤ 6.0.12025-09-12
CVE-2024-45433 [MEDIUM] CWE-705 CVE-2024-45433: OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect Control Flow Scoping. The specific flaw OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect Control Flow Scoping. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper return control flow after detecting an unusual condition. An attacker can leverage this to bypass a security validation and make the incoming data be processed.
nvd
CVE-2024-45431P3MEDIUMCVSS 5.3≤ 6.0.12025-09-12
CVE-2024-45431 [MEDIUM] CWE-20 CVE-2024-45431: OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw exis OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper validation of remote L2CAP channel ID (CID). An attacker can leverage this to create an L2CAP channel with the null identifier assigned as a remote CID.
nvd
Opensynergy Blue Sdk vulnerabilities | cvebase