VDB

CVE-2020-27153

CVE-2020-27153 PUBLISHED

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.

EPSS 2.25% · 84.9th percentile

Risk Scores

EPSS Score
2.25%
84.9th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSbluez5.46-0ubuntu3, 5.48-0ubuntu3, 5.48-0ubuntu3.1
Ubuntu:Pro:16.04:LTSbluez0, 5.36-0ubuntu1, 5.37-0ubuntu5
Ubuntu:20.04:LTSbluez5.50-0ubuntu4, 5.51-0ubuntu1, 5.51-0ubuntu2

Timeline

  • Oct 15, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Aug 8, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›