Buffer Over-read Vulnerability in BlueZ by BlueZ Team
CVE-2008-2374

9.8CRITICAL

Key Information:

Vendor: Bluez
Status: Bluez Libs; Bluez Utils
Vendor: CVE Published:; 7 July 2008

What is CVE-2008-2374?

The vulnerability exists in the src/sdp.c component of BlueZ libraries where improper validation of string length fields in SDP packets can arise. This flaw enables remote SDP servers to potentially induce a denial of service or execute other unspecified impacts. The exploitation may occur through crafted length fields that lead to excessive memory allocation or buffer over-read scenarios, posing significant risks to system stability and functionality.

References

http://secunia.com/advisories/31057

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/30105

vdb-entryx_refsource_BID

http://security.gentoo.org/glsa/glsa-200903-29.xml

vendor-advisoryx_refsource_GENTOO

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2008
Vulnerability Reserved
May 21, 2008

Bluez

What is CVE-2008-2374?

References

EPSS Score

CVSS V3.1

Timeline