Vulnerability Name: CVE-2019-8922 (CCN-214166)
Assigned: 2019-02-25
Published: 2019-02-25
Updated: 2022-11-07
Summary: A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req, which gets called by process_request (in sdpd-request.c), which also allocates the response buffer.
CVSS v3 Severity: 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
8.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
CVSS v2 Severity: 5.8 Medium (CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-787
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2019-8922
Source: CCN Type: BlueZ Web site BlueZ
Source: XF Type: UNKNOWN bluez-cve20198922-bo(214166)
Source: MLIST Type: Mailing List, Third Party Advisory [debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update
Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20211203-0002/
Source: CCN Type: SSD Advisory Linux BlueZ Information Leak and Heap Overflow
Source: MISC Type: Exploit, Third Party Advisory https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
Source: CCN Type: WhiteSource Vulnerability Database CVE-2019-8922
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable