A heap-based buffer overflow was found in BlueZ in the implementation of the GATT protocol due to an integer overflow.
Created bluez tracking bugs for this issue:
Affects: fedora-all [bug 2039808]
Marking services not affected for Bluetooth vulnerability.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
The GitHub advisory referenced by the CVE (https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q) seems to claim this vulnerability can result in remote code execution, but the CVE says the impact is only denial of service. Why the discrepancy?
Also, for the benefit of downstreams, can a reference to the patch be added to the CVE?