Vulnerability Details: CVE-2019-8922
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req, which is called by process_request (in sdpd-request.c); process_request also allocates the response buffer.
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2019-8922
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-8922
- EPSS score: 0.11% (probability of exploitation activity in the next 30 days)
- Percentile: ~45% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-8922
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:P | 6.5 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2019-8922
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-8922
- https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
  [SECURITY] [DLA 3157-1] bluez security update (Mailing List; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20211203-0002/
  November 2021 BlueZ Vulnerabilities in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
  SSD Advisory – Linux BlueZ Information Leak and Heap Overflow - SSD Secure Disclosure (Exploit; Third Party Advisory)