Debian/bluez — 50 CVEs · VulnScope

pkg:Debian/bluez

50 total CVEsCRITICAL1HIGH18MEDIUM29LOW2

✅ Check your installed version

All known vulnerabilities

CRITICAL9.1CVE-2021-43400An issue was discovered in gatt-database.c in BlueZ 5.61.
from 0, < 5.55-3.1+deb11u2
HIGH8.8CVE-2022-39177BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be proc…
from 0, < 5.55-3.1+deb11u2
HIGH8.8BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate pa…
from 0, < 5.55-3.1+deb11u2
HIGH8.8A heap overflow vulnerability was found in bluez in versions prior to 5.63.
from 0, < 5.55-3.1+deb11u2
HIGH8.8A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48.
from 0, < 5.54-1
HIGH8.6bluez - security update
from 0, < 5.55-1
HIGH8.6bluez - security update
from 0, < 5.43-2+deb9u3
HIGH8.0BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability.
from 0, < 5.55-3.1+deb11u2
HIGH8.0BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability.
from 0, < 5.55-3.1+deb11u2
HIGH8.0BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability.
from 0
HIGH8.0bluez - security update
from 0, < 5.55-3.1+deb11u2
HIGH8.0bluez - security update
from 0, < 5.50-1.2~deb10u5
HIGH7.8Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland ut…
from 0, < 5.43-1
HIGH7.5In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file.
from 0
HIGH7.5In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file.
from 0
HIGH7.1BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability.
from 0
HIGH7.1bluez - security update
from 0, < 5.50-1.1
HIGH7.1bluez - security update
from 0, < 5.43-2+deb9u2
HIGH7.1bluez - security update
from 0, < 5.43-2+deb9u2~deb8u1
MEDIUM6.5bluez - security update
from 0, < 5.55-3.1+deb11u2
MEDIUM6.5bluez - security update
from 0, < 5.55-3.1+deb11u2
MEDIUM6.5bluez - security update
from 0, < 5.50-1.2~deb10u3
MEDIUM6.5bluez - security update
from 0, < 5.54-1
MEDIUM6.5bluez - security update
from 0, < 5.43-2+deb9u5
MEDIUM6.5BlueZ is a Bluetooth protocol stack for Linux.
from 0, < 5.55-3.1+deb11u2
MEDIUM6.5bluez - security update
from 0, < 4.99-2+deb7u1
MEDIUM6.5bluez - security update
from 0, < 5.23-2+deb8u1
MEDIUM6.5bluez - security update
from 0, < 5.46-1
MEDIUM6.3bluez - security update
from 0, < 5.55-3.1+deb11u1
MEDIUM6.3bluez - security update
from 0, < 5.55-3.1+deb11u1
MEDIUM6.3bluez - security update
from 0, < 5.50-1.2~deb10u4
MEDIUM5.7BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability.
from 0
MEDIUM5.7BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability.
from 0
MEDIUM5.7BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability.
from 0
MEDIUM5.7BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability.
from 0
MEDIUM5.7A vulnerability classified as problematic has been found in Linux Kernel.
from 0, < 5.65-1
MEDIUM5.7Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
from 0, < 5.55-3.1
MEDIUM5.3In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file.
from 0
MEDIUM5.3In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file.
from 0
MEDIUM5.3In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file.
from 0
MEDIUM5.3In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted du…
from 0
MEDIUM5.3In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file.
from 0
MEDIUM5.3In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file.
from 0
MEDIUM5.3In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file.
from 0
MEDIUM5.3In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file.
from 0
MEDIUM4.2bluez - security update
from 0, < 5.43-2+deb9u4
MEDIUM4.2bluez - security update
from 0, < 5.55-3.1
MEDIUM4.2bluez - security update
from 0, < 5.50-1.2~deb10u2
LOW3.3The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index…
from 0, < 5.55-3.1
LOW3.3A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system.
from 0, < 5.54-1