CVE-2017-1000250

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
bluezbluez
𝑥
≤ 5.46
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bluez
bullseye
5.55-3.1+deb11u1
fixed
bullseye (security)
5.55-3.1+deb11u2
fixed
bookworm
5.66-1+deb12u2
fixed
bookworm (security)
5.66-1+deb12u1
fixed
sid
5.77-1
fixed
trixie
5.77-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bluez
zesty
Fixed 5.43-0ubuntu1.1
released
xenial
Fixed 5.37-0ubuntu5.1
released
trusty
Fixed 4.101-0ubuntu13.3
released
Common Weakness Enumeration
References
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://www.debian.org/security/2017/dsa-3972
http://www.securityfocus.com/bid/100814
https://access.redhat.com/errata/RHSA-2017:2685
https://access.redhat.com/security/vulnerabilities/blueborne
https://www.armis.com/blueborne
https://www.kb.cert.org/vuls/id/240311
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne
https://access.redhat.com/security/cve/CVE-2017-1000250
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://www.debian.org/security/2017/dsa-3972
http://www.securityfocus.com/bid/100814
https://access.redhat.com/errata/RHSA-2017:2685
https://access.redhat.com/security/vulnerabilities/blueborne
https://www.armis.com/blueborne
https://www.kb.cert.org/vuls/id/240311
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne