CVE-2021-3588 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-3588 PUBLISHED CVSS 3.299999952316284 LOW

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.

EPSS 0.12% · 31.1th percentile

Risk Scores

CVSS v3.1

3.299999952316284

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.12%

31.1th percentile

Affected Products

Vendor	Product	Versions
bluez	bluez	0
BlueZ	BlueZ	unspecified

Timeline

Jun 10, 2021 EPSS Score
Jun 10, 2021 CVE Published
Aug 10, 2021 EPSS Score
Oct 9, 2021 EPSS Score
Dec 9, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 8, 2022 EPSS Score
Jun 7, 2022 EPSS Score
Aug 7, 2022 EPSS Score
Oct 7, 2022 EPSS Score
Dec 6, 2022 EPSS Score

References

https://github.com/bluez/bluez/issues/70 url
GLSA-202209-16 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-3588 advisory

Open in Interactive Console →