CVE-2019-9506

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-9506

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9506.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-9506

Downstream

DEBIAN-CVE-2019-9506

DLA-1919-1

DLA-1930-1

RHSA-2019:2975

RHSA-2019:3055

RHSA-2019:3076

RHSA-2019:3089

RHSA-2019:3165

RHSA-2019:3187

RHSA-2019:3217

RHSA-2019:3218

RHSA-2019:3220

RHSA-2019:3231

RHSA-2019:3309

RHSA-2019:3517

RHSA-2020:0204

RHSA-2020:1460

SUSE-SU-2019:2648-1

SUSE-SU-2019:2651-1

SUSE-SU-2019:2658-1

SUSE-SU-2019:2706-1

SUSE-SU-2019:2710-1

SUSE-SU-2019:2756-1

SUSE-SU-2019:2879-1

SUSE-SU-2019:2949-1

SUSE-SU-2019:2950-1

SUSE-SU-2019:2984-1

SUSE-SU-2019:3200-1

SUSE-SU-2019:3295-1

SUSE-SU-2020:0093-1

UBUNTU-CVE-2019-9506

USN-4115-1

USN-4118-1

USN-4147-1

openSUSE-SU-2019:2307-1

openSUSE-SU-2019:2308-1

Related

Published

2019-08-14T17:15:11Z

Modified

2025-08-09T20:01:27Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

References

Affected packages