Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bluez vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2022-3637
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. ...
Bluez Bluez
5.7
CVSSv3
CVE-2022-3563
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended...
Bluez Bluez
8.8
CVSSv3
CVE-2022-39176
BlueZ prior to 5.59 allows physically proximate malicious users to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
Bluez Bluez
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2022-39177
BlueZ prior to 5.59 allows physically proximate malicious users to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
Bluez Bluez
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2022-0204
A heap overflow vulnerability was found in bluez in versions before 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
Bluez Bluez
Fedoraproject Fedora 35
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2021-3658
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the...
Bluez Bluez
Fedoraproject Fedora 34
6.5
CVSSv3
CVE-2019-8921
An issue exists in bluetoothd in BlueZ up to and including 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, result...
Bluez Bluez
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2019-8922
A heap-based buffer overflow exists in bluetoothd in BlueZ up to and including 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appen...
Bluez Bluez
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2021-41229
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be...
Bluez Bluez 5.58
Debian Debian Linux 9.0
Debian Debian Linux 10.0
9.1
CVSSv3
CVE-2021-43400
An issue exists in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.
Bluez Bluez 5.61
Debian Debian Linux 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »