Buffer overflow in BlueZ - CVE-2023-27349

 


Published: April 13, 2023


Vulnerability identifier: #VU75105
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-27349
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: BlueZ Project
Affected software: BlueZ

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the handling of the AVRCP protocol. A remote attacker with physical proximity to the device can send specially crafted Bluetooth packets to the affected system, trigger memory corruption and execute arbitrary code on the system.



How to mitigate CVE-2023-27349

Install updates from the vendor's website.
