Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-3588

Published: 10 June 2021

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.

Priority

Medium

CVSS 3 base score: 3.3

Status

Package Release Status
bluez
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (5.53-0ubuntu3.2)
groovy
Released (5.55-0ubuntu1.2)
hirsute Not vulnerable
(5.56-0ubuntu4)
impish Not vulnerable
(5.58-0ubuntu1)
jammy Not vulnerable
(5.58-0ubuntu1)
trusty Does not exist

upstream
Released (5.56)
xenial Not vulnerable
(code not present)
Patches:
upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3a40bef49305f8327635b81ac8be52a3ca063d5a (minimal)
upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=87184a20cfcfe1523926a2e4a724c1a01c7ae0fb
upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6a50b6aeda78a88eafb177718109c256eec077a6