Multiple vulnerabilities in BlueZ
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2023-50230 CVE-2023-50229 CVE-2023-51594 CVE-2023-51596 CVE-2023-44431 CVE-2023-51580 CVE-2023-51592 CVE-2023-51589 |
| CWE-ID | CWE-122 CWE-125 CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
BlueZ Universal components / Libraries / Libraries used by multiple products |
| Vendor | BlueZ Project |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU84603
Risk: Medium
CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-50230
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of the Phone Book Access profile. A remote attacker on the local network can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 5.0 - 5.70
CPE2.3- cpe:2.3:a:bluez.org:bluez:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:5.2:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-23-1812/
https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU84605
Risk: Medium
CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-50229
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of the Phone Book Access profile. A remote attacker on the local network can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 5.0 - 5.70
CPE2.3- cpe:2.3:a:bluez.org:bluez:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:5.2:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-23-1811/
https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU84668
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-51594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling OBEX protocol parameter. A remote attacker can trick the victim into connecting to a malicious device, trigger an out-of-bounds read and gain access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 4.0 - 5.70
CPE2.3- cpe:2.3:a:bluez.org:bluez:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:4.2:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-23-1901/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Heap-based buffer overflow
EUVDB-ID: #VU84667
Risk: Medium
CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-51596
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling the Phone Book Access profile. A remote attacker can trick the victim into connection to a malicious Bluetooth device, trigger a heap-based buffer overflow and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsBlueZ: 4.0 - 5.70
CPE2.3- cpe:2.3:a:bluez.org:bluez:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:4.2:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-23-1902/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Stack-based buffer overflow
EUVDB-ID: #VU84669
Risk: Medium
CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-44431
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling AVRCP protocol. A remote attacker can trick the victim into connection to a malicious Bluetooth device, trigger a stack-based buffer overflow and execute arbitrary code on the system. MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 4.0 - 5.70
CPE2.3- cpe:2.3:a:bluez.org:bluez:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:4.2:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-23-1900/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU84666
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-51580
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling AVRCP protocol within the avrcp_parse_attribute_list() function. A remote attacker can trick the victim into connecting to a malicious device, trigger an out-of-bounds read and gain access to sensitive information. MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 4.0 - 5.70
CPE2.3- cpe:2.3:a:bluez.org:bluez:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:4.2:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-23-1903/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU84665
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-51592
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling AVRCP protocol within the parse_media_folder() function. A remote attacker can trick the victim into connecting to a malicious device, trigger an out-of-bounds read and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsBlueZ: 4.0 - 5.70
CPE2.3- cpe:2.3:a:bluez.org:bluez:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:4.2:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-23-1905/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU84670
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-51589
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling AVRCP protocol within the parse_media_element() function. A remote attacker can trick the victim into connecting to a malicious device, trigger an out-of-bounds read and gain access to sensitive information. MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 4.0 - 5.70
CPE2.3- cpe:2.3:a:bluez.org:bluez:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:bluez.org:bluez:4.2:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-23-1904/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
