---

CVE-2021-3588 - log back

CVE-2021-3588 edited at 10 Jun 2021 09:27:44
Description	- A security issue has been found in BlueZ 5.58. The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. + A security issue has been found in BlueZ before version 5.56. The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.
References	https://github.com/bluez/bluez/issues/70 - https://github.com/tedd-an/test-bluez/commit/3a40bef49305f8327635b81ac8be52a3ca063d5a + https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?h=5.56&id=3a40bef49305f8327635b81ac8be52a3ca063d5a

CVE-2021-3588 edited at 10 Jun 2021 08:36:54
References	https://github.com/bluez/bluez/issues/70 + https://github.com/tedd-an/test-bluez/commit/3a40bef49305f8327635b81ac8be52a3ca063d5a

CVE-2021-3588 edited at 10 Jun 2021 08:35:16
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure
Description	+ A security issue has been found in BlueZ 5.58. The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.
References	+ https://github.com/bluez/bluez/issues/70
Notes

CVE-2021-3588 created at 10 Jun 2021 08:33:36