CVE-2021-3588

memory contents disclosure in cli_feat_read_cb

Published: 6/10/2021 Last updated: 9/16/2024 Reserved: 6/8/2021

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.

CNA assigner: canonical (cc1ad9ee-3454-478d-9317-d3e869d708bc) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	3.3	Low	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Opam packages affected (2)

conf-bluetooth mindstorm

Products affected (0)

No product listed.

References (4)

https://github.com/bluez/bluez/issues/70
https://security.gentoo.org/glsa/202209-16
https://github.com/bluez/bluez/issues/70
https://security.gentoo.org/glsa/202209-16