CVE-2017-1000250 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Information disclosure
Description	An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-396	bluez	5.46-1	5.46-2	High	Fixed	FS#55603

Date	Advisory	Group	Package	Severity	Type
12 Sep 2017	ASA-201709-3	AVG-396	bluez	High	information disclosure

References
https://www.armis.com/blueborne/ http://pkgs.fedoraproject.org/cgit/rpms/bluez.git/plain/0010-Out-of-bounds-heap-read-in-service_search_attr_req-f.patch