CVE-2021-3588

LOW

cli_feat_read_cb - Memory Corruption

Title source: llm

Description

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.

References (2)

[Exploit, Patch, Third Party Advisory] https://github.com/bluez/bluez/issues/70

[Third Party Advisory] https://security.gentoo.org/glsa/202209-16

Scores

CVSS v3 3.3

EPSS 0.0012

EPSS Percentile 30.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-125 CWE-788

Status published

Products (1)

bluez/bluez < 5.56

Published Jun 10, 2021

Tracked Since Feb 18, 2026