pkg:Debian/bluez

50 total CVEs: CRITICAL 1, HIGH 18, MEDIUM 29, LOW 2

All known vulnerabilities

  • CRITICAL 9.1 CVE-2021-43400: An issue was discovered in gatt-database.c in BlueZ 5.61.
    from 0, < 5.55-3.1+deb11u2
  • HIGH 8.8 CVE-2022-39177: BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be proc…
    from 0, < 5.55-3.1+deb11u2
  • HIGH 8.8 CVE-2022-39176: BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate pa…
    from 0, < 5.55-3.1+deb11u2
  • HIGH 8.8 CVE-2022-0204: A heap overflow vulnerability was found in bluez in versions prior to 5.63.
    from 0, < 5.55-3.1+deb11u2
  • HIGH 8.8 CVE-2019-8922: A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48.
    from 0, < 5.54-1
  • HIGH 8.6 CVE-2020-27153: bluez - security update
    from 0, < 5.55-1
  • HIGH 8.6 CVE-2020-27153: bluez - security update
    from 0, < 5.43-2+deb9u3
  • HIGH 8.0 CVE-2023-50230: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability.
    from 0, < 5.55-3.1+deb11u2
  • HIGH 8.0 CVE-2023-50229: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability.
    from 0, < 5.55-3.1+deb11u2
  • HIGH 8.0 CVE-2023-44431: BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability.
    from 0
  • HIGH 8.0 CVE-2023-27349: bluez - security update
    from 0, < 5.55-3.1+deb11u2
  • HIGH 8.0 CVE-2023-27349: bluez - security update
    from 0, < 5.50-1.2~deb10u5
  • HIGH 7.8 CVE-2016-7837: Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland ut…
    from 0, < 5.43-1
  • HIGH 7.5 CVE-2016-9918: In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file.
    from 0
  • HIGH 7.5 CVE-2016-9917: In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file.
    from 0
  • HIGH 7.1 CVE-2023-51596: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability.
    from 0
  • HIGH 7.1 CVE-2020-0556: bluez - security update
    from 0, < 5.50-1.1
  • HIGH 7.1 CVE-2020-0556: bluez - security update
    from 0, < 5.43-2+deb9u2
  • HIGH 7.1 CVE-2020-0556: bluez - security update
    from 0, < 5.43-2+deb9u2~deb8u1
  • MEDIUM 6.5 CVE-2021-3658: bluez - security update
    from 0, < 5.55-3.1+deb11u2
  • MEDIUM 6.5 CVE-2021-3658: bluez - security update
    from 0, < 5.55-3.1+deb11u2
  • MEDIUM 6.5 CVE-2019-8921: bluez - security update
    from 0, < 5.50-1.2~deb10u3
  • MEDIUM 6.5 CVE-2019-8921: bluez - security update
    from 0, < 5.54-1
  • MEDIUM 6.5 CVE-2019-8921: bluez - security update
    from 0, < 5.43-2+deb9u5
  • MEDIUM 6.5 CVE-2021-41229: BlueZ is a Bluetooth protocol stack for Linux.
    from 0, < 5.55-3.1+deb11u2
  • MEDIUM 6.5 CVE-2017-1000250: bluez - security update
    from 0, < 4.99-2+deb7u1
  • MEDIUM 6.5 CVE-2017-1000250: bluez - security update
    from 0, < 5.23-2+deb8u1
  • MEDIUM 6.5 CVE-2017-1000250: bluez - security update
    from 0, < 5.46-1
  • MEDIUM 6.3 CVE-2023-45866: bluez - security update
    from 0, < 5.55-3.1+deb11u1
  • MEDIUM 6.3 CVE-2023-45866: bluez - security update
    from 0, < 5.55-3.1+deb11u1
  • MEDIUM 6.3 CVE-2023-45866: bluez - security update
    from 0, < 5.50-1.2~deb10u4
  • MEDIUM 5.7 CVE-2023-51594: BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability.
    from 0
  • MEDIUM 5.7 CVE-2023-51592: BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability.
    from 0
  • MEDIUM 5.7 CVE-2023-51589: BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability.
    from 0
  • MEDIUM 5.7 CVE-2023-51580: BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability.
    from 0
  • MEDIUM 5.7 CVE-2022-3563: A vulnerability classified as problematic has been found in Linux Kernel.
    from 0, < 5.65-1
  • MEDIUM 5.7 CVE-2021-0129: Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
    from 0, < 5.55-3.1
  • MEDIUM 5.3 CVE-2016-9804: In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file.
    from 0
  • MEDIUM 5.3 CVE-2016-9803: In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file.
    from 0
  • MEDIUM 5.3 CVE-2016-9802: In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file.
    from 0
  • MEDIUM 5.3 CVE-2016-9801: In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted du…
    from 0
  • MEDIUM 5.3 CVE-2016-9800: In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file.
    from 0
  • MEDIUM 5.3 CVE-2016-9799: In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file.
    from 0
  • MEDIUM 5.3 CVE-2016-9798: In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file.
    from 0
  • MEDIUM 5.3 CVE-2016-9797: In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file.
    from 0
  • MEDIUM 4.2 CVE-2020-26558: bluez - security update
    from 0, < 5.43-2+deb9u4
  • MEDIUM 4.2 CVE-2020-26558: bluez - security update
    from 0, < 5.55-3.1
  • MEDIUM 4.2 CVE-2020-26558: bluez - security update
    from 0, < 5.50-1.2~deb10u2
  • LOW 3.3 CVE-2021-3588: The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index…
    from 0, < 5.55-3.1
  • LOW 3.3 CVE-2018-10910: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system.
    from 0, < 5.54-1