Heap-based Buffer Overflow in BlueZ Bluetooth Stack by Linux Vendor
CVE-2019-8922

8.8HIGH

Key Information:

Vendor

Bluez

Status
Bluez
Vendor
CVE Published:
29 November 2021

What is CVE-2019-8922?

A heap-based buffer overflow has been identified in the BlueZ Bluetooth stack, specifically affecting versions up to 5.48. The vulnerability arises from the lack of sufficient validation on the size of the destination buffer when handling requests. The affected function simply appends requested attributes to the output buffer without performing any size checks. As a result, an attacker capable of crafting a request with a large enough response can trigger a heap overflow, potentially leading to unauthorized access or system instability. This issue highlights the importance of robust input validation and memory management in software design.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://ssd-disclosure.com/ssd-advisory-linux-bluez-infor...
https://security.netapp.com/advisory/ntap-20211203-0002/
https://lists.debian.org/debian-lts-announce/2022/10/msg0...
mailing-list

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.