CVE-2020-27153

Source
https://cve.org/CVERecord?id=CVE-2020-27153
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27153.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-27153
Downstream
Related
Published
2020-10-15T03:15:12.120Z
Modified
2026-03-20T11:35:44.507701Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
[none]
Details

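BlueZ before 5.55 contains a double free in the gatttool disconnect_cb() routine from shared/att.c. A redundant disconnect MGMT event arriving during service discovery can trigger it, and a remote attacker could potentially use this to cause a denial of service or code execution. This record lists 5.55 as the fixed version, so affected installations should be upgraded to BlueZ 5.55 or later.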

References

Affected packages

Git / github.com/bluez/bluez

Affected ranges

Type
GIT
Repo
https://github.com/bluez/bluez
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
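Fixed
5.55 (taken from the database-specific version data below; the commit hash for this event is not shown in this rendering)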
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.55"
        }
    ]
}

Affected versions

4.*
4.0
4.1
4.10
4.100
4.101
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.2
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.27
4.28
4.29
4.3
4.30
4.31
4.32
4.33
4.34
4.35
4.36
4.37
4.38
4.39
4.4
4.40
4.41
4.42
4.43
4.44
4.45
4.46
4.47
4.48
4.49
4.5
4.50
4.51
4.52
4.53
4.54
4.55
4.56
4.57
4.58
4.59
4.6
4.60
4.61
4.62
4.63
4.64
4.65
4.66
4.67
4.68
4.69
4.7
4.70
4.71
4.72
4.73
4.74
4.75
4.76
4.77
4.78
4.79
4.8
4.80
4.81
4.82
4.83
4.84
4.85
4.86
4.87
4.88
4.89
4.9
4.90
4.91
4.92
4.93
4.94
4.95
4.96
4.97
4.98
4.99
5.*
5.0
5.1
5.10
5.11
5.12
5.13
5.14
5.15
5.16
5.17
5.18
5.19
5.2
5.20
5.21
5.22
5.23
5.24
5.25
5.26
5.27
5.28
5.29
5.3
5.30
5.31
5.32
5.33
5.34
5.35
5.36
5.37
5.38
5.39
5.4
5.40
5.41
5.42
5.43
5.44
5.45
5.46
5.47
5.48
5.49
5.5
5.50
5.51
5.52
5.53
5.54
5.6
5.7
5.8
5.9
libs-2.*
libs-2.0
libs-2.0-pre10
libs-2.0-pre7
libs-2.0-pre8
libs-2.0-pre9
libs-2.1
libs-2.10
libs-2.11
libs-2.12
libs-2.13
libs-2.14
libs-2.15
libs-2.16
libs-2.17
libs-2.18
libs-2.19
libs-2.2
libs-2.20
libs-2.21
libs-2.22
libs-2.23
libs-2.24
libs-2.25
libs-2.3
libs-2.4
libs-2.5
libs-2.6
libs-2.7
libs-2.8
libs-2.9
libs-3.*
libs-3.0
libs-3.1
libs-3.10
libs-3.11
libs-3.12
libs-3.13
libs-3.14
libs-3.15
libs-3.16
libs-3.17
libs-3.18
libs-3.19
libs-3.2
libs-3.20
libs-3.21
libs-3.22
libs-3.23
libs-3.24
libs-3.25
libs-3.26
libs-3.27
libs-3.28
libs-3.29
libs-3.3
libs-3.30
libs-3.31
libs-3.32
libs-3.33
libs-3.34
libs-3.35
libs-3.36
libs-3.4
libs-3.5
libs-3.6
libs-3.7
libs-3.8
libs-3.9
utils-2.*
utils-2.0
utils-2.0-pre10
utils-2.0-pre11
utils-2.0-pre12
utils-2.0-pre7
utils-2.0-pre8
utils-2.0-pre9
utils-2.1
utils-2.10
utils-2.11
utils-2.12
utils-2.13
utils-2.14
utils-2.15
utils-2.16
utils-2.17
utils-2.18
utils-2.19
utils-2.2
utils-2.20
utils-2.21
utils-2.22
utils-2.23
utils-2.24
utils-2.25
utils-2.3
utils-2.4
utils-2.5
utils-2.6
utils-2.7
utils-2.8
utils-2.9
utils-3.*
utils-3.0
utils-3.1
utils-3.10
utils-3.10.1
utils-3.11
utils-3.12
utils-3.13
utils-3.14
utils-3.15
utils-3.16
utils-3.17
utils-3.18
utils-3.19
utils-3.2
utils-3.20
utils-3.21
utils-3.22
utils-3.23
utils-3.24
utils-3.25
utils-3.26
utils-3.27
utils-3.28
utils-3.29
utils-3.3
utils-3.30
utils-3.31
utils-3.32
utils-3.33
utils-3.34
utils-3.35
utils-3.36
utils-3.4
utils-3.5
utils-3.6
utils-3.6.1
utils-3.7
utils-3.8
utils-3.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27153.json"
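unresolved_ranges
(Note: these appear to be ranges the import could not map onto the bluez repository. The last_affected values 9.0, 10.0, 15.1 and 15.2 do not fit BlueZ's version numbering, where the fix is 5.55, so they presumably describe other products named in the CVE record. Confirm against the CVE source before using them for version matching.)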
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.2"
            }
        ]
    }
]
vanir_signatures
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2020-27153-5c9af719",
        "source": "https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a",
        "digest": {
            "line_hashes": [
                "193031578723794859252025779680268025050",
                "328489074626764670051532720376588187963",
                "234780927341935949843624079351461986700",
                "315667152069755274390545420421362562734",
                "135989866379935825391429829556551430383",
                "159111306259249961601994318252371408006",
                "133457257734803768519132419718574797765",
                "158108262920956119807404915421559473776",
                "254205889322255188941922808524596469852",
                "328180784454490762655644906709495665121",
                "3509613340198738847501478267685258168",
                "216061193566643570294522832304722192320",
                "100307739094877673628949319102881601483",
                "165653913577279199058309468338404586834",
                "236085318238112343811746810732155052492",
                "20473985302098799622098429475406693735",
                "127270796435307027120357940523067201530",
                "74521990784890663215507818586454338326",
                "207218834111476324065311991714828591242",
                "276679355697489795698190647522775802440",
                "97412044546354208512225428254390029890",
                "10550507841831675259749901203115382645",
                "158710138297906037179770610129074560535",
                "154523380595998693114353828452535992602"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/shared/att.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2020-27153-5dcc1a0f",
        "source": "https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a",
        "digest": {
            "function_hash": "251085821085271362817089067465857009678",
            "length": 665.0
        },
        "target": {
            "function": "bt_att_cancel",
            "file": "src/shared/att.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2020-27153-5debd5f7",
        "source": "https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a",
        "digest": {
            "function_hash": "331238215432473323968595143202019330246",
            "length": 1133.0
        },
        "target": {
            "function": "disconnect_cb",
            "file": "src/shared/att.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2020-27153-62583467",
        "source": "https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a",
        "digest": {
            "function_hash": "217313407953137803246294354082360522010",
            "length": 190.0
        },
        "target": {
            "function": "cancel_att_send_op",
            "file": "src/shared/att.c"
        }
    }
]