CVE-2019-8921
MEDIUM
bluez < 5.48 - Information Disclosure via SVC_ATTR_REQ Handling
Title source: llm
Description
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.
References (3)
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
Third Party Advisory
https://security.netapp.com/advisory/ntap-20211203-0002/
Exploit, Patch, Third Party Advisory
https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
Scores
CVSS v3: 6.5
EPSS: 0.0094
EPSS Percentile: 56.1%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-345
Status: published
Products (2)
bluez/bluez: < 5.48
debian/debian_linux: 10.0
Published: Nov 29, 2021
Tracked Since: Feb 18, 2026