|
|
CVE Reference: CVE-2008-2374 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-2374 |
|
|
Description: src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read. |
|
|
CVE Status: Candidate |
|
|
References: SUSE http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html SAID Secunia Advisory: SA32279 Secunia Advisory: SA30957 Secunia Advisory: SA31057 Secunia Advisory: SA34280 Secunia Advisory: SA31833 Secunia Advisory: SA32099 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0581.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9973 MLIST http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:145 GENTOO http://security.gentoo.org/glsa/glsa-200903-29.xml FEDORA CONFIRM http://www.bluez.org/bluez-334/ BID 30105 |
|
| Return to the previous page. |
