CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-2374

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.06

EPSS Ranking 90.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2008-2374

Bluez » Bluez-Libs » Version: N/A

cpe:2.3:a:bluez:bluez-libs:-
Bluez » Bluez-Libs » Version: 3.33

cpe:2.3:a:bluez:bluez-libs:3.33
Bluez » Bluez-Utils » Version: N/A

cpe:2.3:a:bluez:bluez-utils:-
Bluez » Bluez-Utils » Version: 3.33

cpe:2.3:a:bluez:bluez-utils:3.33
Fedoraproject » Fedora » Version: 8

cpe:2.3:o:fedoraproject:fedora:8
Fedoraproject » Fedora » Version: 9

cpe:2.3:o:fedoraproject:fedora:9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-2374

Products

Pricing

Contact Us