src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
References
Configurations
History
13 Feb 2024, 16:09
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html - Mailing List | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/2096/references - Broken Link | |
References | (GENTOO) http://security.gentoo.org/glsa/glsa-200903-29.xml - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/30105 - Broken Link, Third Party Advisory, VDB Entry | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:145 - Broken Link | |
References | (MLIST) http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com - Broken Link, Exploit | |
References | (SECUNIA) http://secunia.com/advisories/31057 - Broken Link | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html - Mailing List | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/32099 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/31833 - Broken Link | |
References | (SECTRACK) http://www.securitytracker.com/id?1020479 - Broken Link, Third Party Advisory, VDB Entry | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0581.html - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/30957 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/34280 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/32279 - Broken Link | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html - Third Party Advisory | |
References | (CONFIRM) http://www.bluez.org/bluez-334/ - Product | |
CWE | CWE-20 |
CWE-1284 |
CPE | cpe:2.3:a:bluez:bluez_libs:*:*:*:*:*:*:*:* |
cpe:2.3:a:bluez:bluez-libs:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:* cpe:2.3:a:bluez:bluez-utils:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* |
First Time |
Fedoraproject fedora
Bluez bluez-utils Fedoraproject Bluez bluez-libs |
Information
Published : 2008-07-07 23:41
Updated : 2024-02-28 11:21
NVD link : CVE-2008-2374
Mitre link : CVE-2008-2374
CVE.ORG link : CVE-2008-2374
JSON object : View
Products Affected
fedoraproject
- fedora
bluez
- bluez-libs
- bluez-utils
CWE
CWE-1284
Improper Validation of Specified Quantity in Input