CVE-2008-2374

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bluez:bluez-libs:*:*:*:*:*:*:*:*
cpe:2.3:a:bluez:bluez-utils:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

History

13 Feb 2024, 16:09

Type Values Removed Values Added
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html - Mailing List
References (VUPEN) http://www.vupen.com/english/advisories/2008/2096/references - (VUPEN) http://www.vupen.com/english/advisories/2008/2096/references - Broken Link
References (GENTOO) http://security.gentoo.org/glsa/glsa-200903-29.xml - (GENTOO) http://security.gentoo.org/glsa/glsa-200903-29.xml - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/30105 - (BID) http://www.securityfocus.com/bid/30105 - Broken Link, Third Party Advisory, VDB Entry
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:145 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:145 - Broken Link
References (MLIST) http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com - Exploit (MLIST) http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com - Broken Link, Exploit
References (SECUNIA) http://secunia.com/advisories/31057 - (SECUNIA) http://secunia.com/advisories/31057 - Broken Link
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html - Mailing List
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973 - Broken Link
References (SECUNIA) http://secunia.com/advisories/32099 - (SECUNIA) http://secunia.com/advisories/32099 - Broken Link
References (SECUNIA) http://secunia.com/advisories/31833 - (SECUNIA) http://secunia.com/advisories/31833 - Broken Link
References (SECTRACK) http://www.securitytracker.com/id?1020479 - (SECTRACK) http://www.securitytracker.com/id?1020479 - Broken Link, Third Party Advisory, VDB Entry
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0581.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0581.html - Broken Link
References (SECUNIA) http://secunia.com/advisories/30957 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/30957 - Broken Link, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/34280 - (SECUNIA) http://secunia.com/advisories/34280 - Broken Link
References (SECUNIA) http://secunia.com/advisories/32279 - (SECUNIA) http://secunia.com/advisories/32279 - Broken Link
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html - Third Party Advisory
References (CONFIRM) http://www.bluez.org/bluez-334/ - (CONFIRM) http://www.bluez.org/bluez-334/ - Product
CWE NVD-CWE-noinfo
CWE-20
CWE-1284
CPE cpe:2.3:a:bluez:bluez_utils:*:*:*:*:*:*:*:*
cpe:2.3:a:bluez:bluez_libs:*:*:*:*:*:*:*:*
cpe:2.3:a:bluez:bluez-libs:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:a:bluez:bluez-utils:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
First Time Fedoraproject fedora
Bluez bluez-utils
Fedoraproject
Bluez bluez-libs

Information

Published : 2008-07-07 23:41

Updated : 2024-02-28 11:21


NVD link : CVE-2008-2374

Mitre link : CVE-2008-2374

CVE.ORG link : CVE-2008-2374


JSON object : View

Products Affected

fedoraproject

  • fedora

bluez

  • bluez-libs
  • bluez-utils
CWE
CWE-1284

Improper Validation of Specified Quantity in Input