Denial of Service Vulnerability in GATT Server Component by Android
CVE-2024-43763

6.5MEDIUM

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 21 January 2025

Summary

A logic error in the GATT server's build_read_multi_rsp function allows remote denial of service attacks. This vulnerability can be exploited by adjacent attackers who can cause the GATT server to become unresponsive, impacting the functionality of Bluetooth communications without the need for user interaction or additional privileges.

Affected Version(s)

Android 15

Android 14

Android 13

References

https://source.android.com/security/bulletin/2025-01-01

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025