src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
Metrics
Affected Vendors & Products
References
History
Fri, 17 Jan 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published: 2008-07-07T23:00:00
Updated: 2025-01-17T15:15:36.238Z
Reserved: 2008-05-21T00:00:00
Link: CVE-2008-2374

Updated: 2024-08-07T08:58:02.290Z

Status : Modified
Published: 2008-07-07T23:41:00.000
Modified: 2025-01-17T16:15:25.913
Link: CVE-2008-2374
