Home

CVE-2021-43400

Description

An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.

Risk Information

Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.172

Associated Vulnerability

VulnerabilityOS Platform
Bluetooth tools and daemons (USN-5155-1) bluez_5.48-0ubuntu3.6_i386.debLinux
Bluetooth tools and daemons (USN-5155-1) bluez_5.48-0ubuntu3.6_amd64.debLinux
Bluetooth tools and daemons (USN-5155-1) bluez_5.53-0ubuntu3.4_i386.debLinux
Bluetooth tools and daemons (USN-5155-1) bluez_5.53-0ubuntu3.4_amd64.debLinux
Bluetooth tools and daemons (USN-5155-1) bluez_5.56-0ubuntu4.3_i386.debLinux
Bluetooth tools and daemons (USN-5155-1) bluez_5.56-0ubuntu4.3_amd64.debLinux
Bluetooth tools and daemons (USN-5155-1) bluez_5.60-0ubuntu2.1_i386.debLinux
Bluetooth tools and daemons (USN-5155-1) bluez_5.60-0ubuntu2.1_amd64.debLinux
Bluetooth tools and daemons (USN-5155-1) libbluetooth3_5.48-0ubuntu3.6_i386.debLinux
Bluetooth tools and daemons (USN-5155-1) libbluetooth3_5.48-0ubuntu3.6_amd64.debLinux
Bluetooth tools and daemons (USN-5155-1) libbluetooth3_5.53-0ubuntu3.4_i386.debLinux
Bluetooth tools and daemons (USN-5155-1) libbluetooth3_5.53-0ubuntu3.4_amd64.debLinux
Bluetooth tools and daemons (USN-5155-1) libbluetooth3_5.56-0ubuntu4.3_i386.debLinux
Bluetooth tools and daemons (USN-5155-1) libbluetooth3_5.56-0ubuntu4.3_amd64.debLinux
Bluetooth tools and daemons (USN-5155-1) libbluetooth3_5.60-0ubuntu2.1_i386.debLinux
Bluetooth tools and daemons (USN-5155-1) libbluetooth3_5.60-0ubuntu2.1_amd64.debLinux
SUSE-SU-2022:3981-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) bluez-5.55-150300.3.14.1.x86_64.rpmLinux
SUSE-SU-2022:3981-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libbluetooth3-5.55-150300.3.14.1.x86_64.rpmLinux
SUSE-SU-2022:3981-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) bluez-deprecated-5.55-150300.3.14.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234