Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-41229 - log back

CVE-2021-41229 edited at 13 Nov 2021 09:53:59

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Denial of service

Description

+

In BlueZ, a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.

References

+	https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq

Notes

CVE-2021-41229 created at 13 Nov 2021 09:53:15