Double Free in bluez (Alpine package)



| Updated: 2022-09-29
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2020-27153
CWE-ID CWE-415
Exploitation vector Network
Public exploit N/A
Vulnerable software
 bluez (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Double Free

EUVDB-ID: #VU48203

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-27153

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker can cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.

Mitigation

Install update from vendor's website.

Vulnerable software versions

bluez (Alpine package): 5.9-r0 - 5.50-r4

CPE2.3 External links

https://git.alpinelinux.org/aports/commit/?id=3658872660c49542a14697c5b9d8c844b7b8ed77
https://git.alpinelinux.org/aports/commit/?id=0e1cfdcae4ef86baf530de61d2540c7b6d2da001
https://git.alpinelinux.org/aports/commit/?id=78762a6643e2800c3ce549768ba4797cd2e2634f
https://git.alpinelinux.org/aports/commit/?id=801680ad17f63d253e67728a07662db31c288134
https://git.alpinelinux.org/aports/commit/?id=cd7fe7b4b41bc8fb6be88c42c7bb1ef44f93a5e2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###