CVE-2008-2374

Name: CVE-2008-2374
Description: src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

Package      Type    Release     Fixed Version  Urgency  Origin  Debian Bugs
bluez-libs   source  (unstable)  3.34           low
bluez-utils  source  (unstable)  3.34           low

Notes

[etch] - bluez-libs <no-dsa> (Minor issue)
[etch] - bluez-utils <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
