CVE-2008-2374
Published: Jul 7, 2008
Modified: Jan 17, 2025
PUBLISHED
Description
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 31057 | third-party-advisory, x_refsource_SECUNIA |
| 30105 | vdb-entry, x_refsource_BID |
| GLSA-200903-29 | vendor-advisory, x_refsource_GENTOO |
| ADV-2008-2096 | vdb-entry, x_refsource_VUPEN |
| MDVSA-2008:145 | vendor-advisory, x_refsource_MANDRIVA |
| 34280 | third-party-advisory, x_refsource_SECUNIA |
| FEDORA-2008-6140 | vendor-advisory, x_refsource_FEDORA |
| RHSA-2008:0581 | vendor-advisory, x_refsource_REDHAT |
| http://www.bluez.org/bluez-334/ | x_refsource_CONFIRM |
| FEDORA-2008-6133 | vendor-advisory, x_refsource_FEDORA |
| [bluez-devel] 20080616 SDP payload processing vulnerability | mailing-list, x_refsource_MLIST |
| 30957 | third-party-advisory, x_refsource_SECUNIA |
| 31833 | third-party-advisory, x_refsource_SECUNIA |
| oval:org.mitre.oval:def:9973 | vdb-entry, signature, x_refsource_OVAL |
| 1020479 | vdb-entry, x_refsource_SECTRACK |
| 32099 | third-party-advisory, x_refsource_SECUNIA |
| SUSE-SR:2008:019 | vendor-advisory, x_refsource_SUSE |
| 32279 | third-party-advisory, x_refsource_SECUNIA |