 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2023-27349 |
| Description: | BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network- adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.833241 1.3.6.1.4.1.25623.1.1.1.2.2024.3820 1.3.6.1.4.1.25623.1.1.4.2023.2545.1 1.3.6.1.4.1.25623.1.1.4.2023.2562.1 1.3.6.1.4.1.25623.1.1.4.2023.2533.1 1.3.6.1.4.1.25623.1.1.4.2023.2613.1 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-27349 ZDI-23-386 https://www.zerodayinitiative.com/advisories/ZDI-23-386/ vendor-provided URL https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9 https://lists.debian.org/debian-lts-announce/2024/05/msg00015.html |