BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20853.
History

Wed, 13 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2024-05-03T02:15:19.369Z

Updated: 2024-08-02T22:40:33.852Z

Reserved: 2023-12-20T20:38:20.870Z

Link: CVE-2023-51589

cve-icon Vulnrichment

Updated: 2024-08-02T22:40:33.852Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-03T03:16:19.230

Modified: 2024-05-03T12:48:41.067

Link: CVE-2023-51589

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-03T00:00:00Z

Links: CVE-2023-51589 - Bugzilla