AZL-34571

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34571.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-34571

Upstream

CVE-2023-45866

Published

2023-12-08T06:15:45Z

Modified

2026-04-01T05:11:32.607925Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

CVE-2023-45866 affecting package bluez for versions less than 5.63-6

Details

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-45866

Affected packages

Azure Linux:3 / bluez

Package

Name: bluez
Purl: pkg:rpm/azure-linux/bluez

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.63-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34571.json"