Heap-based Buffer Overflow in BlueZ Phone Book Access Profile Affects Linux Systems
CVE-2023-50230

Currently unrated

Key Information:

Vendor
BlueZ
Status
BlueZ
Vendor
CVE Published:
3 May 2024

Summary

A vulnerability in the BlueZ Phone Book Access Profile allows network-adjacent attackers to execute arbitrary code by exploiting a heap-based buffer overflow. This security flaw arises from inadequate validation of user-supplied data length, leading to potential exploitation when a user connects to a malicious Bluetooth device. Attackers can execute code in the context of root privileges, making this a significant risk for affected installations of BlueZ.

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1812/
https://github.com/bluez/bluez/commit/5ab5352531a9cc7058c...

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

.
CVE-2023-50230 : Heap-based Buffer Overflow in BlueZ Phone Book Access Profile Affects Linux Systems | SecurityVulnerability.io