CVE-2023-44431

BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.

The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19909.

References

Affected packages

Debian:11 / bluez

Package

Name: bluez
Purl: pkg:deb/debian/bluez?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.55-3.1

5.55-3.1+deb11u1

5.55-3.1+deb11u2

5.58-1~exp0

5.60-1~exp0

5.61-1

5.62-1

5.62-2

5.64-1

5.64-2

5.65-1

5.66-1

5.68-1

5.68-2

5.69-1

5.70-1

5.70-1.1~exp0

5.70-1.1

5.71-1

5.73-1

5.73-1.1

5.77-1

5.79-1

5.79-2

5.82-1

5.82-1.1

5.83-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / bluez

Package

Name: bluez
Purl: pkg:deb/debian/bluez?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.66-1

5.66-1+deb12u1

5.66-1+deb12u2

5.68-1

5.68-2

5.69-1

5.70-1

5.70-1.1~exp0

5.70-1.1

5.71-1

5.73-1

5.73-1.1

5.77-1

5.79-1

5.79-2

5.82-1

5.82-1.1

5.83-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / bluez

Package

Name: bluez
Purl: pkg:deb/debian/bluez?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.66-1

5.68-1

5.68-2

5.69-1

5.70-1

5.70-1.1~exp0

5.70-1.1

5.71-1

5.73-1

5.73-1.1

5.77-1

5.79-1

5.79-2

5.82-1

5.82-1.1

5.83-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/bluez/bluez

Affected ranges

Type: GIT
Repo: https://github.com/bluez/bluez
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

63b01d0b0661d6a0048107dcb9e6f12ceac409e0

Affected versions

4.*

4.0

4.1

4.10

4.100

4.101

4.11

4.12

4.13

4.14

4.15

4.16

4.17

4.18

4.19

4.2

4.20

4.21

4.22

4.23

4.24

4.25

4.26

4.27

4.28

4.29

4.3

4.30

4.31

4.32

4.33

4.34

4.35

4.36

4.37

4.38

4.39

4.4

4.40

4.41

4.42

4.43

4.44

4.45

4.46

4.47

4.48

4.49

4.5

4.50

4.51

4.52

4.53

4.54

4.55

4.56

4.57

4.58

4.59

4.6

4.60

4.61

4.62

4.63

4.64

4.65

4.66

4.67

4.68

4.69

4.7

4.70

4.71

4.72

4.73

4.74

4.75

4.76

4.77

4.78

4.79

4.8

4.80

4.81

4.82

4.83

4.84

4.85

4.86

4.87

4.88

4.89

4.9

4.90

4.91

4.92

4.93

4.94

4.95

4.96

4.97

4.98

4.99

5.*

5.0

5.1

5.10

5.11

5.12

5.13

5.14

5.15

5.16

5.17

5.18

5.19

5.2

5.20

5.21

5.22

5.23

5.24

5.25

5.26

5.27

5.28

5.29

5.3

5.30

5.31

5.32

5.33

5.34

5.35

5.36

5.37

5.38

5.39

5.4

5.40

5.41

5.42

5.43

5.44

5.45

5.46

5.47

5.48

5.49

5.5

5.50

5.51

5.52

5.53

5.54

5.55

5.56

5.57

5.58

5.59

5.6

5.60

5.61

5.62

5.63

5.64

5.65

5.66

5.7

5.8

5.9

libs-2.*

libs-2.0

libs-2.0-pre10

libs-2.0-pre7

libs-2.0-pre8

libs-2.0-pre9

libs-2.1

libs-2.10

libs-2.11

libs-2.12

libs-2.13

libs-2.14

libs-2.15

libs-2.16

libs-2.17

libs-2.18

libs-2.19

libs-2.2

libs-2.20

libs-2.21

libs-2.22

libs-2.23

libs-2.24

libs-2.25

libs-2.3

libs-2.4

libs-2.5

libs-2.6

libs-2.7

libs-2.8

libs-2.9

libs-3.*

libs-3.0

libs-3.1

libs-3.10

libs-3.11

libs-3.12

libs-3.13

libs-3.14

libs-3.15

libs-3.16

libs-3.17

libs-3.18

libs-3.19

libs-3.2

libs-3.20

libs-3.21

libs-3.22

libs-3.23

libs-3.24

libs-3.25

libs-3.26

libs-3.27

libs-3.28

libs-3.29

libs-3.3

libs-3.30

libs-3.31

libs-3.32

libs-3.33

libs-3.34

libs-3.35

libs-3.36

libs-3.4

libs-3.5

libs-3.6

libs-3.7

libs-3.8

libs-3.9

utils-2.*

utils-2.0

utils-2.0-pre10

utils-2.0-pre11

utils-2.0-pre12

utils-2.0-pre7

utils-2.0-pre8

utils-2.0-pre9

utils-2.1

utils-2.10

utils-2.11

utils-2.12

utils-2.13

utils-2.14

utils-2.15

utils-2.16

utils-2.17

utils-2.18

utils-2.19

utils-2.2

utils-2.20

utils-2.21

utils-2.22

utils-2.23

utils-2.24

utils-2.25

utils-2.3

utils-2.4

utils-2.5

utils-2.6

utils-2.7

utils-2.8

utils-2.9

utils-3.*

utils-3.0

utils-3.1

utils-3.10

utils-3.10.1

utils-3.11

utils-3.12

utils-3.13

utils-3.14

utils-3.15

utils-3.16

utils-3.17

utils-3.18

utils-3.19

utils-3.2

utils-3.20

utils-3.21

utils-3.22

utils-3.23

utils-3.24

utils-3.25

utils-3.26

utils-3.27

utils-3.28

utils-3.29

utils-3.3

utils-3.30

utils-3.31

utils-3.32

utils-3.33

utils-3.34

utils-3.35

utils-3.36

utils-3.4

utils-3.5

utils-3.6

utils-3.6.1

utils-3.7

utils-3.8

utils-3.9