Bluez
This hub aggregates every CVE we track for Bluez, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 46
- Critical: 1
- High: 19
- In CISA KEV: 0
Severity distribution
- MEDIUM: 23
- HIGH: 19
- LOW: 3
- CRITICAL: 1
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Bluez.
- CVE-2024-8805: BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability (8.8)
- CVE-2023-51596: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability (7.1)
- CVE-2023-51594: BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability (5.7)
- CVE-2023-51592: BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability (5.7)
- CVE-2023-51589: BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability (5.7)
- CVE-2023-51580: BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability (5.7)
- CVE-2023-50230: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability (8.0)
- CVE-2023-50229: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability (8.0)
- CVE-2023-44431: BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability (8.0)
- CVE-2023-27349: BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability (8.0)
- CVE-2023-45866: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting inje... (6.3)
- CVE-2022-3637: Linux Kernel BlueZ jlink.c jlink_init denial of service (2.6)
- CVE-2022-3563: Linux Kernel BlueZ mgmt-tester.c read_50_controller_cap_complete null pointer dereference (3.5)
- CVE-2022-39177: BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. (8.8)
- CVE-2022-39176: BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. (8.8)
Product normalization is registry-driven with AI assist and human review.