CVE-2019-8922

{"id": "CVE-2019-8922", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-11-29T08:15:07.627", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20211203-0002/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer."}, {"lang": "es", "value": "Se ha detectado un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en bluetoothd en BlueZ versiones hasta 5.48. No presenta ninguna comprobaci\u00f3n sobre si presenta suficiente espacio en el buffer de destino. La funci\u00f3n simplemente a\u00f1ade todos los datos que son pasados. Los valores de todos los atributos solicitados son a\u00f1adidos al b\u00fafer de salida. No se presenta ning\u00fan tipo de comprobaci\u00f3n de tama\u00f1o, resultando en un simple desbordamiento de la pila si es posible dise\u00f1ar una petici\u00f3n en la que la respuesta sea lo suficientemente grande como para desbordar el b\u00fafer preasignado. Este problema se presenta cuando service_attr_req es llamado por process_request (en el archivo sdpd-request.c), que tambi\u00e9n asigna el buffer de respuesta"}], "lastModified": "2022-11-07T19:01:19.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B46FC6F0-636B-46F4-815C-61DC2A543CBB", "versionEndIncluding": "5.48"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}