Information on source package bluez

Available versions

| Release | Version |
|---|---|
| jessie | 5.43-2+deb9u2~deb8u6 |
| stretch | 5.43-2+deb9u8 |
| stretch (security) | 5.43-2+deb9u5 |
| buster | 5.50-1.2~deb10u6 |
| buster (security) | 5.50-1.2~deb10u5 |
| bullseye | 5.55-3.1+deb11u1 |
| bullseye (security) | 5.55-3.1+deb11u2 |
| bookworm | 5.66-1+deb12u2 |
| bookworm (security) | 5.66-1+deb12u1 |
| trixie | 5.79-1 |
| sid | 5.79-1 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-8805 | vulnerable | unknown | unknown | unknown | unknown | unknown | unknown | Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE |
| CVE-2023-51596 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ... |
| CVE-2023-51594 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerabi ... |
| CVE-2023-51592 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Inform ... |
| CVE-2023-51589 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Infor ... |
| CVE-2023-51580 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Rea ... |
| CVE-2023-50230 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | fixed | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ... |
| CVE-2023-50229 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | fixed | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ... |
| CVE-2023-44431 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Exec ... |
| CVE-2023-27349 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Co ... |
| CVE-2021-43400 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ... |
| CVE-2018-10910 | vulnerable (no DSA) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | A bug in Bluez may allow for the Bluetooth Discoverable state being se ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9918 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump ... |
| CVE-2016-9917 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer overflow was observed in "read_n" function in ... |
| CVE-2016-9804 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer overflow was observed in "commands_dump" funct ... |
| CVE-2016-9803 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" ... |
| CVE-2016-9802 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" fun ... |
| CVE-2016-9801 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" functi ... |
| CVE-2016-9800 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" ... |
| CVE-2016-9799 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" funct ... |
| CVE-2016-9798 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a use-after-free was identified in "conf_opt" function ... |
| CVE-2016-9797 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" functio ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2023-45866 | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral ... |
| CVE-2022-39177 | BlueZ before 5.59 allows physically proximate attackers to cause a den ... |
| CVE-2022-39176 | BlueZ before 5.59 allows physically proximate attackers to obtain sens ... |
| CVE-2022-3637 | A vulnerability has been found in Linux Kernel and classified as probl ... |
| CVE-2022-3563 | A vulnerability classified as problematic has been found in Linux Kern ... |
| CVE-2022-0204 | A heap overflow vulnerability was found in bluez in versions prior to ... |
| CVE-2021-41229 | BlueZ is a Bluetooth protocol stack for Linux. In affected versions a ... |
| CVE-2021-3658 | bluetoothd from bluez incorrectly saves adapters' Discoverable status ... |
| CVE-2021-3588 | The cli_feat_read_cb() function in src/gatt-database.c does not perfor ... |
| CVE-2021-0129 | Improper access control in BlueZ may allow an authenticated user to po ... |
| CVE-2020-27153 | In BlueZ before 5.55, a double free was found in the gatttool disconne ... |
| CVE-2020-26560 | Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0. ... |
| CVE-2020-26559 | Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0. ... |
| CVE-2020-26558 | Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification ... |
| CVE-2020-26557 | Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ... |
| CVE-2020-26556 | Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ... |
| CVE-2020-0556 | Improper access control in subsystem for BlueZ before version 5.54 may ... |
| CVE-2019-8922 | A heap-based buffer overflow was discovered in bluetoothd in BlueZ thr ... |
| CVE-2019-8921 | An issue was discovered in bluetoothd in BlueZ through 5.48. The vulne ... |
| CVE-2017-1000250 | All versions of the SDP server in BlueZ 5.46 and earlier are vulnerabl ... |
| CVE-2016-7837 | Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execut ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-3879-1 | bluez - security update |
| ELA-1177-1 | bluez - security update |
| DLA-3820-1 | bluez - security update |
| DSA-5584-1 | bluez - security update |
| ELA-1023-1 | bluez - security update |
| DLA-3689-1 | bluez - security update |
| ELA-720-1 | bluez - security update |
| DLA-3157-1 | bluez - security update |
| DLA-2827-1 | bluez - security update |
| ELA-522-1 | bluez - security update |
| DSA-4951-1 | bluez - security update |
| DLA-2692-1 | bluez - security update |
| ELA-445-1 | bluez - security update |
| ELA-301-1 | bluez - security update |
| DLA-2410-1 | bluez - security update |
| DLA-2240-1 | bluez - security update |
| DSA-4647-1 | bluez - security update |
| DLA-1103-1 | bluez - security update |
| DSA-3972-1 | bluez - security update |
