CVE-2021-41229

Name: CVE-2021-41229
Description: BlueZ is a Bluetooth protocol stack for Linux. In affected versions, sdp_cstate_alloc_buf allocates memory that is always linked into the singly linked list of cstates and is never freed, which causes a memory leak over time. The leaked data can grow into a very large object when an attacker continuously sends SDP packets, and this may cause the service of the target device to crash.
NVD Severity: unknown

References

| Type | URI |
| --- | --- |
| CONFIRM | https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq |
| Mailing List | https://lists.debian.org/debian-lts-announce/2021/11/msg00022.html |
| Third Party Advisory | https://security.netapp.com/advisory/ntap-20211203-0004/ |
| Mailing List | https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:bluez:bluez:5.58:*:*:*:*:*:*:* | bluez | == None | == 5.58 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |