CVE-2020-27153

Name
CVE-2020-27153
Description
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1884817
Patch https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07
Patch https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
MLIST https://lists.debian.org/debian-lts-announce/2020/10/msg00022.html
GENTOO https://security.gentoo.org/glsa/202011-01
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html
DEBIAN https://www.debian.org/security/2021/dsa-4951

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:* bluez >= None < 5.55

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
bluez edge-main 5.54-r0 None possibly vulnerable
bluez 3.22-main 5.54-r0 None possibly vulnerable
bluez 3.21-main 5.54-r0 None possibly vulnerable
bluez 3.20-main 5.54-r0 None possibly vulnerable
bluez 3.19-main 5.54-r0 None possibly vulnerable
bluez 3.12-main 5.54-r6 Natanael Copa <ncopa@alpinelinux.org> fixed
bluez 3.11-main 5.52-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
bluez 3.10-main 5.50-r5 Natanael Copa <ncopa@alpinelinux.org> fixed