CVE-2023-51594

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-51594

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-51594.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-51594

Downstream

RHSA-2024:9413

UBUNTU-CVE-2023-51594

Related

Published

2024-05-03T03:16:20Z

Modified

2025-07-09T14:01:12.786507Z

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.

The specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20937.

References

Affected packages

Debian:11 / bluez

Package

Name: bluez
Purl: pkg:deb/debian/bluez?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.55-3.1

5.55-3.1+deb11u1

5.55-3.1+deb11u2

5.58-1~exp0

5.60-1~exp0

5.61-1

5.62-1

5.62-2

5.64-1

5.64-2

5.65-1

5.66-1

5.68-1

5.68-2

5.69-1

5.70-1

5.70-1.1~exp0

5.70-1.1

5.71-1

5.73-1

5.73-1.1

5.77-1

5.79-1

5.79-2

5.82-1

5.82-1.1

5.83-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / bluez

Package

Name: bluez
Purl: pkg:deb/debian/bluez?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.66-1

5.66-1+deb12u1

5.66-1+deb12u2

5.68-1

5.68-2

5.69-1

5.70-1

5.70-1.1~exp0

5.70-1.1

5.71-1

5.73-1

5.73-1.1

5.77-1

5.79-1

5.79-2

5.82-1

5.82-1.1

5.83-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / bluez

Package

Name: bluez
Purl: pkg:deb/debian/bluez?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.66-1

5.68-1

5.68-2

5.69-1

5.70-1

5.70-1.1~exp0

5.70-1.1

5.71-1

5.73-1

5.73-1.1

5.77-1

5.79-1

5.79-2

5.82-1

5.82-1.1

5.83-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/bluez/bluez

Affected ranges

Type: GIT
Repo: https://github.com/bluez/bluez
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

63b01d0b0661d6a0048107dcb9e6f12ceac409e0

Affected versions

4.*

4.0

4.1

4.10

4.100

4.101

4.11

4.12

4.13

4.14

4.15

4.16

4.17

4.18

4.19

4.2

4.20

4.21

4.22

4.23

4.24

4.25

4.26

4.27

4.28

4.29

4.3

4.30

4.31

4.32

4.33

4.34

4.35

4.36

4.37

4.38

4.39

4.4

4.40

4.41

4.42

4.43

4.44

4.45

4.46

4.47

4.48

4.49

4.5

4.50

4.51

4.52

4.53

4.54

4.55

4.56

4.57

4.58

4.59

4.6

4.60

4.61

4.62

4.63

4.64

4.65

4.66

4.67

4.68

4.69

4.7

4.70

4.71

4.72

4.73

4.74

4.75

4.76

4.77

4.78

4.79

4.8

4.80

4.81

4.82

4.83

4.84

4.85

4.86

4.87

4.88

4.89

4.9

4.90

4.91

4.92

4.93

4.94

4.95

4.96

4.97

4.98

4.99

5.*

5.0

5.1

5.10

5.11

5.12

5.13

5.14

5.15

5.16

5.17

5.18

5.19

5.2

5.20

5.21

5.22

5.23

5.24

5.25

5.26

5.27

5.28

5.29

5.3

5.30

5.31

5.32

5.33

5.34

5.35

5.36

5.37

5.38

5.39

5.4

5.40

5.41

5.42

5.43

5.44

5.45

5.46

5.47

5.48

5.49

5.5

5.50

5.51

5.52

5.53

5.54

5.55

5.56

5.57

5.58

5.59

5.6

5.60

5.61

5.62

5.63

5.64

5.65

5.66

5.7

5.8

5.9

libs-2.*

libs-2.0

libs-2.0-pre10

libs-2.0-pre7

libs-2.0-pre8

libs-2.0-pre9

libs-2.1

libs-2.10

libs-2.11

libs-2.12

libs-2.13

libs-2.14

libs-2.15

libs-2.16

libs-2.17

libs-2.18

libs-2.19

libs-2.2

libs-2.20

libs-2.21

libs-2.22

libs-2.23

libs-2.24

libs-2.25

libs-2.3

libs-2.4

libs-2.5

libs-2.6

libs-2.7

libs-2.8

libs-2.9

libs-3.*

libs-3.0

libs-3.1

libs-3.10

libs-3.11

libs-3.12

libs-3.13

libs-3.14

libs-3.15

libs-3.16

libs-3.17

libs-3.18

libs-3.19

libs-3.2

libs-3.20

libs-3.21

libs-3.22

libs-3.23

libs-3.24

libs-3.25

libs-3.26

libs-3.27

libs-3.28

libs-3.29

libs-3.3

libs-3.30

libs-3.31

libs-3.32

libs-3.33

libs-3.34

libs-3.35

libs-3.36

libs-3.4

libs-3.5

libs-3.6

libs-3.7

libs-3.8

libs-3.9

utils-2.*

utils-2.0

utils-2.0-pre10

utils-2.0-pre11

utils-2.0-pre12

utils-2.0-pre7

utils-2.0-pre8

utils-2.0-pre9

utils-2.1

utils-2.10

utils-2.11

utils-2.12

utils-2.13

utils-2.14

utils-2.15

utils-2.16

utils-2.17

utils-2.18

utils-2.19

utils-2.2

utils-2.20

utils-2.21

utils-2.22

utils-2.23

utils-2.24

utils-2.25

utils-2.3

utils-2.4

utils-2.5

utils-2.6

utils-2.7

utils-2.8

utils-2.9

utils-3.*

utils-3.0

utils-3.1

utils-3.10

utils-3.10.1

utils-3.11

utils-3.12

utils-3.13

utils-3.14

utils-3.15

utils-3.16

utils-3.17

utils-3.18

utils-3.19

utils-3.2

utils-3.20

utils-3.21

utils-3.22

utils-3.23

utils-3.24

utils-3.25

utils-3.26

utils-3.27

utils-3.28

utils-3.29

utils-3.3

utils-3.30

utils-3.31

utils-3.32

utils-3.33

utils-3.34

utils-3.35

utils-3.36

utils-3.4

utils-3.5

utils-3.6

utils-3.6.1

utils-3.7

utils-3.8

utils-3.9