Heap-based Buffer Overflow in BlueZ Phone Book Access Profile Affects Linux Systems
CVE-2023-50230
Currently unrated
What is CVE-2023-50230?
A vulnerability in the BlueZ Phone Book Access Profile allows network-adjacent attackers to execute arbitrary code by exploiting a heap-based buffer overflow. This security flaw arises from inadequate validation of user-supplied data length, leading to potential exploitation when a user connects to a malicious Bluetooth device. Attackers can execute code in the context of root privileges, making this a significant risk for affected installations of BlueZ.