Bug 2027459 (CVE-2019-8922)
Summary: | CVE-2019-8922 bluez: heap-based buffer overflow via crafted request | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bdettelb, bnocera, darcari, dwmw2, dzickus, hwkernel-mgr, spacewar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | bluez 5.49 | Doc Type: | If docs needed, set a value |
Doc Text: |
A heap-based buffer overflow was discovered in bluetoothd in bluez through version 5.48. A missing check on whether there is enough space in the destination buffer can allow an attacker to exploit the vulnerability by crafting a request where the response is large enough to overflow the preallocated buffer.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2031791 | ||
Bug Blocks: | 2027460 |
Description
Guilherme de Almeida Suckevicz
2021-11-29 17:45:31 UTC
As per you note this was vulnerable "through 5.48". We build 5.49 for Fedora 27/28/29 on Mar 20 2018, this CVE has been fixed for nearly 4 years in Fedora why is this being opened now? Actually it looks like el8 is 5.56-2.el8 so it looks like this is fixed in RHEL-8 too In reply to comment #1: > As per you note this was vulnerable "through 5.48". We build 5.49 for Fedora > 27/28/29 on Mar 20 2018, this CVE has been fixed for nearly 4 years in > Fedora why is this being opened now? Hi, this is a flaw bug and it's used to track all Red Hat products that may be affected by this issue, it's not just for Fedora. |