CVE-2008-2374

Exploit

EPSS 6.04%
Published 07.07.2008 23:41:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

Affected products Warnungen 0 Metrics 3 CWE 1 References 21

Data is provided by the National Vulnerability Database (NVD)

Bluez ≫ Bluez-libs Version < 3.34

Bluez ≫ Bluez-utils Version < 3.34

Fedoraproject ≫ Fedora Version8

Fedoraproject ≫ Fedora Version9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.04%	0.897

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

Third Party Advisory

http://secunia.com/advisories/32099

Broken Link

http://secunia.com/advisories/30957

Vendor Advisory

Broken Link

http://secunia.com/advisories/31057

Broken Link

http://secunia.com/advisories/31833

Broken Link

http://secunia.com/advisories/32279