Vulnerability Description
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the existence of an object before performing operations on the object (aka use after free). An attacker can leverage this to achieve remote code execution in the context of a user account under which the Bluetooth process runs.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensynergy | Blue Sdk | <= 6.0.1 |
Related Weaknesses (CWE)
References
- https://pcacybersecurity.com/resources/advisory/perfekt-blueExploitThird Party Advisory
- https://www.opensynergy.com/Product
- https://pcacybersecurity.com/resources/advisory/perfekt-blueExploitThird Party Advisory
FAQ
What is CVE-2024-45434?
CVE-2024-45434 is a vulnerability with a CVSS score of 9.8 (CRITICAL). OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the existence of an obje...
How severe is CVE-2024-45434?
CVE-2024-45434 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-45434?
Check the references section above for vendor advisories and patch information. Affected products include: Opensynergy Blue Sdk.