CVE-2021-3588

Advisory lineage Upstream: 0 Downstream: 7

Downstream

DEBIAN-CVE-2021-3588 MGASA-2021-0281 OPENSUSE-SU-2021:2459-1 OPENSUSE-SU-2024:12446-1 SUSE-SU-2021:2459-1 UBUNTU-CVE-2021-3588

Modified

Published: 10 Jun 2021, 02:30

Last modified:16 Sept 2024, 23:37

Vulnerability Summary

Overall Risk (default)

low

23/100

CVSS Score

3.3 LOW

v3.1 (cve.org)

EPSS Score

0.12% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

10 Jun 2021, 02:30

Published

Vulnerability first disclosed

16 Sept 2024, 23:37

Last Modified

Vulnerability information updated

Description

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.

CVSS Metrics

v3.1•LOW•Score: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.12%• Percentile: 31%

Techniques & Countermeasures

CWE-788•Access of Memory Location After End of Buffer
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.
CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

bluez•bluez
< 5.56 | ≥ unspecified, < 5.56