CVE-2017-1000250

MEDIUM

BlueZ <5.46 - Info Disclosure

Title source: llm

Description

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.

Exploits (2)

github WORKING POC 38 stars

by Miracle963 · pythonpoc

https://github.com/Miracle963/bluetooth-cve/tree/master/littl_tools/CVE-2017-1000250

View Code ZIP pw:eip

nomisec WORKING POC 5 stars

by olav-st · poc

https://github.com/olav-st/CVE-2017-1000250-PoC

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://nvidia.custhelp.com/app/answers/detail/a_id/4561

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100814

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:2685

[Not Applicable] https://access.redhat.com/security/vulnerabilities/blueborne

[Exploit, Technical Description, Third Party Advisory] https://www.armis.com/blueborne

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/240311

[Various Sources] https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

[Issue Tracking, Third Party Advisory, VDB Entry] https://access.redhat.com/security/cve/CVE-2017-1000250

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3972

Scores

CVSS v3 6.5

EPSS 0.3430

EPSS Percentile 97.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

bluez/bluez < 5.46

Published Sep 12, 2017

Tracked Since Feb 18, 2026