Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-41229

Related Vulnerabilities: CVE-2021-41229  

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.

Source

Description

The MITRE CVE dictionary describes this issue as:

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.

Additional Information

  • Bugzilla 2025034: CVE-2021-41229 bluez: memory leak in the SDP protocol
  • (CWE-400|CWE-401): Uncontrolled Resource Consumption or Missing Release of Memory after Effective Lifetime
  • FAQ: Frequently asked questions about CVE-2021-41229

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started