Your submission was sent successfully! Close

CVE-2020-9770

Published: 1 April 2020

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.

Notes

AuthorNote
amurray
For Ubuntu this only appears to affect gatttool from bluez. Marking this as low priority since this tool is not running or enabled by default (and is deprecated in favour of bluetoothctl).
mdeslaur
no upstream fix as of 2021-05-26
Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
bluez
Launchpad, Ubuntu, Debian
bionic Deferred

focal Deferred

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Deferred

kinetic Deferred

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Deferred