BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938.
History

Wed, 13 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2024-05-03T02:14:47.428Z

Updated: 2024-08-02T22:09:49.804Z

Reserved: 2023-12-05T16:15:17.545Z

Link: CVE-2023-50230

cve-icon Vulnrichment

Updated: 2024-08-02T22:09:49.804Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-03T03:16:11.853

Modified: 2024-05-03T12:48:41.067

Link: CVE-2023-50230

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-03T00:00:00Z

Links: CVE-2023-50230 - Bugzilla