BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.
The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938.
{
  "vanir_signatures": [
    {
      "digest": {
        "function_hash": "129905515860770125204907878770854051751",
        "length": 831.0
      },
      "source": "https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443",
      "id": "CVE-2023-50230-51063d89",
      "deprecated": false,
      "signature_version": "v1",
      "target": {
        "function": "read_version",
        "file": "obexd/client/pbap.c"
      },
      "signature_type": "Function"
    },
    {
      "digest": {
        "threshold": 0.9,
        "line_hashes": [
          "164425567483586797048056782771521406564",
          "339243539476488535186301626308607492346",
          "26029931549650522073502581951593648305",
          "56338152221748842126145501726730413299",
          "56544350967026370986741586863287295304",
          "140782047637023207733316715606570148485",
          "285438267478055345032039066623780983565",
          "87185564937850498998972364784924109268"
        ]
      },
      "source": "https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443",
      "id": "CVE-2023-50230-d79d2322",
      "deprecated": false,
      "signature_version": "v1",
      "target": {
        "file": "obexd/client/pbap.c"
      },
      "signature_type": "Line"
    }
  ]
}