| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2024-8805 | vulnerable | unknown | unknown | unknown | unknown | unknown | unknown | Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE |
| CVE-2023-51596 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ... |
| CVE-2023-51594 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerabi ... |
| CVE-2023-51592 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Inform ... |
| CVE-2023-51589 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Infor ... |
| CVE-2023-51580 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Rea ... |
| CVE-2023-50230 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | fixed | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ... |
| CVE-2023-50229 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | fixed | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ... |
| CVE-2023-44431 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Exec ... |
| CVE-2023-27349 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Co ... |
| CVE-2021-43400 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ... |
| CVE-2018-10910 | vulnerable (no DSA) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | A bug in Bluez may allow for the Bluetooth Discoverable state being se ... |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2016-9918 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump ... |
| CVE-2016-9917 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer overflow was observed in "read_n" function in ... |
| CVE-2016-9804 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer overflow was observed in "commands_dump" funct ... |
| CVE-2016-9803 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" ... |
| CVE-2016-9802 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" fun ... |
| CVE-2016-9801 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" functi ... |
| CVE-2016-9800 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" ... |
| CVE-2016-9799 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" funct ... |
| CVE-2016-9798 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a use-after-free was identified in "conf_opt" function ... |
| CVE-2016-9797 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" functio ... |
| Bug | Description |
|---|
| CVE-2023-45866 | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral ... |
| CVE-2022-39177 | BlueZ before 5.59 allows physically proximate attackers to cause a den ... |
| CVE-2022-39176 | BlueZ before 5.59 allows physically proximate attackers to obtain sens ... |
| CVE-2022-3637 | A vulnerability has been found in Linux Kernel and classified as probl ... |
| CVE-2022-3563 | A vulnerability classified as problematic has been found in Linux Kern ... |
| CVE-2022-0204 | A heap overflow vulnerability was found in bluez in versions prior to ... |
| CVE-2021-41229 | BlueZ is a Bluetooth protocol stack for Linux. In affected versions a ... |
| CVE-2021-3658 | bluetoothd from bluez incorrectly saves adapters' Discoverable status ... |
| CVE-2021-3588 | The cli_feat_read_cb() function in src/gatt-database.c does not perfor ... |
| CVE-2021-0129 | Improper access control in BlueZ may allow an authenticated user to po ... |
| CVE-2020-27153 | In BlueZ before 5.55, a double free was found in the gatttool disconne ... |
| CVE-2020-26560 | Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0. ... |
| CVE-2020-26559 | Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0. ... |
| CVE-2020-26558 | Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification ... |
| CVE-2020-26557 | Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ... |
| CVE-2020-26556 | Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ... |
| CVE-2020-0556 | Improper access control in subsystem for BlueZ before version 5.54 may ... |
| CVE-2019-8922 | A heap-based buffer overflow was discovered in bluetoothd in BlueZ thr ... |
| CVE-2019-8921 | An issue was discovered in bluetoothd in BlueZ through 5.48. The vulne ... |
| CVE-2017-1000250 | All versions of the SDP server in BlueZ 5.46 and earlier are vulnerabl ... |
| CVE-2016-7837 | Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execut ... |