UBUNTU-CVE-2019-8922

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2019-8922

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-8922.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-8922

Related

Published

2021-11-29T08:15:00Z

Modified

2021-11-29T08:15:00Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in serviceattrreq gets called by process_request (in sdpd-request.c), which also allocates the response buffer.

References

Affected packages

Ubuntu:Pro:16.04:LTS / bluez

Package

Name: bluez

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.35-0ubuntu2

5.36-0ubuntu1

5.37-0ubuntu5

5.37-0ubuntu5.1

5.37-0ubuntu5.3

5.37-0ubuntu5.3+esm1

5.37-0ubuntu5.3+esm2

5.37-0ubuntu5.3+esm3

5.37-0ubuntu5.3+esm4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / bluez

Package

Name: bluez
Purl: pkg:deb/ubuntu/bluez@5.48-0ubuntu3.7?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.48-0ubuntu3.7

Affected versions

5.*

5.46-0ubuntu3

5.46-0ubuntu4

5.48-0ubuntu3

5.48-0ubuntu3.1

5.48-0ubuntu3.2

5.48-0ubuntu3.3

5.48-0ubuntu3.4

5.48-0ubuntu3.5

5.48-0ubuntu3.6

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libbluetooth3": "5.48-0ubuntu3.7",
            "bluetooth": "5.48-0ubuntu3.7",
            "bluez-hcidump": "5.48-0ubuntu3.7",
            "bluez-cups": "5.48-0ubuntu3.7",
            "bluez-tests": "5.48-0ubuntu3.7",
            "libbluetooth3-dbg": "5.48-0ubuntu3.7",
            "bluez-dbg": "5.48-0ubuntu3.7",
            "libbluetooth-dev": "5.48-0ubuntu3.7",
            "bluez": "5.48-0ubuntu3.7",
            "bluez-obexd": "5.48-0ubuntu3.7"
        }
    ]
}

Ubuntu:20.04:LTS / bluez

Package

Name: bluez
Purl: pkg:deb/ubuntu/bluez@5.53-0ubuntu3?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.53-0ubuntu3

Affected versions

5.*

5.50-0ubuntu4

5.51-0ubuntu1

5.51-0ubuntu2

5.52-0ubuntu1

5.52-0ubuntu2

5.53-0ubuntu1

5.53-0ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libbluetooth3": "5.53-0ubuntu3",
            "bluetooth": "5.53-0ubuntu3",
            "bluez-hcidump": "5.53-0ubuntu3",
            "bluez-cups": "5.53-0ubuntu3",
            "bluez-tests": "5.53-0ubuntu3",
            "libbluetooth3-dbg": "5.53-0ubuntu3",
            "bluez-dbg": "5.53-0ubuntu3",
            "libbluetooth-dev": "5.53-0ubuntu3",
            "bluez": "5.53-0ubuntu3",
            "bluez-obexd": "5.53-0ubuntu3"
        }
    ]
}