Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.3
CVSSv2

CVE-2021-41229

Published: 12/11/2021 Updated: 07/11/2022
CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 294
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Bluez

Vulnerability Summary

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

bluez bluez 5.58

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Red Hat: Low: bluez security update
Synopsis Low: bluez security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for bluez is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact ...
Debian CVElist Bug Report Logs: bluez: CVE-2021-41229: memory leak in the SDP protocol handling
Debian Bug report logs - #1000262 bluez: CVE-2021-41229: memory leak in the SDP protocol handling Package: src:bluez; Maintainer for src:bluez is Debian Bluetooth Maintainers <team+pkg-bluetooth@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Nov 2021 14:48:02 UTC Severity: im ...
Red Hat: CVE-2021-41229
BlueZ is a Bluetooth protocol stack for Linux In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed This will cause a memory leak over time The data can be a very large object, which can be caused by an attacker continuously ...
Arch Linux Issues:
In BlueZ, a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed This will cause a memory leak over time The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the ...

References

CWE-401https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xqhttps://lists.debian.org/debian-lts-announce/2021/11/msg00022.htmlhttps://security.netapp.com/advisory/ntap-20211203-0004/https://lists.debian.org/debian-lts-announce/2022/10/msg00026.htmlhttps://access.redhat.com/errata/RHSA-2022:2081https://nvd.nist.govhttps://security.archlinux.org/CVE-2021-41229
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook