SB2020121030 - Double Free in bluez (Alpine package)
Published: December 10, 2020 Updated: September 29, 2022
Description
This security bulletin contains information about 1 security vulnerability.
1) Double Free (CVE-ID: CVE-2020-27153)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the gatttool disconnect_cb() routine from shared/att.c. During service discovery, a redundant disconnect MGMT event allows a remote attacker to cause a denial of service or code execution.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=3658872660c49542a14697c5b9d8c844b7b8ed77
- https://git.alpinelinux.org/aports/commit/?id=0e1cfdcae4ef86baf530de61d2540c7b6d2da001
- https://git.alpinelinux.org/aports/commit/?id=78762a6643e2800c3ce549768ba4797cd2e2634f
- https://git.alpinelinux.org/aports/commit/?id=801680ad17f63d253e67728a07662db31c288134
- https://git.alpinelinux.org/aports/commit/?id=cd7fe7b4b41bc8fb6be88c42c7bb1ef44f93a5e2