Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Memory leak in BlueZ
Vulnerability Description
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
BlueZ 资源管理错误漏洞
Vulnerability Description
BlueZ是一款使用C语言编写的蓝牙协议堆栈,它主要用于提供对核心蓝牙层和协议的支持。 BlueZ 存在资源管理错误漏洞,该漏洞源于在受影响的版本中,sdp的cstate alloc buf中存在一个漏洞,它分配的内存总是挂起在cstate单链表中并且不会被释放,随着时间的推移这将导致内存泄漏。攻击者可利用该漏洞不断发送sdp包造成的,最终可能导致目标设备的服务崩溃。
CVSS Information
N/A
Vulnerability Type
N/A