memory contents disclosure in cli_feat_read_cb
CVE-2021-3588

3.3LOW

Key Information:

Vendor: Bluez
Status: Bluez
Vendor: CVE Published:; 9 June 2021

Summary

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.

Affected Version(s)

BlueZ < 5.56

References

https://github.com/bluez/bluez/issues/70

x_refsource_MISC

https://security.gentoo.org/glsa/202209-16

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
Jun 8, 2021