CRITICAL · 9.8

CVE-2008-2374

Vulnerability Description

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
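
The length validation the description says was missing, shown as an added example (not BlueZ's code and not the upstream fix). The helper name sdp_copy_string and the 4096-byte cap are assumptions; the header bytes are the SDP text-string element types with 8-, 16- and 32-bit big-endian length fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* SDP text-string element headers (type descriptor 4, size index 5/6/7). */
#define SDP_TEXT_STR8   0x25  /* 1-byte length field follows */
#define SDP_TEXT_STR16  0x26  /* 2-byte length field follows */
#define SDP_TEXT_STR32  0x27  /* 4-byte length field follows */
#define MAX_SDP_STR_LEN 4096  /* assumed local policy cap, not from the spec */

/*
 * Hypothetical helper: copy one text-string element out of a received PDU.
 * buf/bufsize describe the bytes actually received. Returns a malloc'd,
 * NUL-terminated copy and sets *consumed, or returns NULL if malformed.
 */
char *sdp_copy_string(const uint8_t *buf, size_t bufsize, size_t *consumed)
{
    size_t hdr, len = 0, i;
    char *s;

    if (buf == NULL || consumed == NULL || bufsize < 1)
        return NULL;
    switch (buf[0]) {
    case SDP_TEXT_STR8:  hdr = 2; break;
    case SDP_TEXT_STR16: hdr = 3; break;
    case SDP_TEXT_STR32: hdr = 5; break;
    default:             return NULL;   /* not a text string */
    }
    if (bufsize < hdr)                  /* length field itself is truncated */
        return NULL;
    for (i = 1; i < hdr; i++)           /* big-endian length */
        len = (len << 8) | buf[i];
    if (len > MAX_SDP_STR_LEN)          /* refuse excessive allocation */
        return NULL;
    if (len > bufsize - hdr)            /* claimed length exceeds received data */
        return NULL;
    s = malloc(len + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, buf + hdr, len);
    s[len] = '\0';
    *consumed = hdr + len;
    return s;
}
```

Without the two length checks, a peer-supplied length drives both the malloc size and the memcpy bound, which is the excessive-allocation and over-read behaviour the description names.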

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Bluez | Bluez-Libs | < 3.34
Bluez | Bluez-Utils | < 3.34
Fedoraproject | Fedora | 8

References

FAQ

What is CVE-2008-2374?

CVE-2008-2374 is a vulnerability with a CVSS score of 9.8 (CRITICAL). src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to ...

How severe is CVE-2008-2374?

CVE-2008-2374 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2008-2374?

Check the references section above for vendor advisories and patch information. Affected products include: Bluez Bluez-Libs, Bluez Bluez-Utils, Fedoraproject Fedora.