CVE-2023-51589— BlueZ 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2023-51589の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20853.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
跨界内存读
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
BlueZ 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
BlueZ是一款使用C语言编写的蓝牙协议堆栈,它主要用于提供对核心蓝牙层和协议的支持。 BlueZ存在安全漏洞,该漏洞源于存在越界读取信息泄露漏洞,允许网络相邻攻击者通过蓝牙泄露敏感信息。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2023-51589の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2023-51589のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · BlueZ · 2024-05-03 · 9 CVEs total
| CVE-2023-51594 | BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability | |
| CVE-2023-51596 | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerabi | |
| CVE-2023-51580 | BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclo | |
| CVE-2023-51592 | BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vul | |
| CVE-2023-44431 | BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
| CVE-2023-27349 | BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnera | |
| CVE-2023-50229 | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerabi | |
| CVE-2023-50230 | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerabi |
IV. 関連脆弱性
同じ製品: BlueZ
- CVE-2024-8805
BlueZ HID over GATT Profile Improper Access Control Remote C - CVE-2023-51596
BlueZ Phone Book Access Profile Heap-based Buffer Overflow R - CVE-2023-51594
BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure - CVE-2023-51592
BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds R - CVE-2023-51580
BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-
同じベンダー: BlueZ
- CVE-2024-8805
BlueZ HID over GATT Profile Improper Access Control Remote C - CVE-2023-51596
BlueZ Phone Book Access Profile Heap-based Buffer Overflow R - CVE-2023-51594
BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure - CVE-2023-51592
BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds R - CVE-2023-51580
BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-
同じ弱点: CWE-125
- CVE-2026-8177
XML::LibXML versions through 2.0210 for Perl read out-of-bou - CVE-2026-6104
Global buffer over-read in mb_convert_encoding() with attack - CVE-2026-7258
Out-of-bounds read in urldecode() on NetBSD - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out- - CVE-2026-3508
ASUS System Control Interface 缓冲区错误漏洞
V. CVE-2023-51589へのコメント
まだコメントはありません