CVE-2021-41229
PUBLISHED
A vulnerability exists in BlueZ in Red Hat Enterprise Linux. In "sdp_cstate_alloc_buf", memory is allocated that always remains attached to the singly linked list of "cstates" and is never freed, which leads to memory corruption. A remote anonymous attacker can exploit this vulnerability to cause a denial of service.
EPSS 0.04% · 14.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | |
| Oracle | Oracle Linux | |
| SUSE | SUSE Linux | |
| Red Hat | Red Hat Enterprise Linux 8 | |
Exploit Intelligence
- https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq (nist-nvd)
- https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html (circl)
- [debian-lts-announce] 20211127 [SECURITY] [DLA 2827-1] bluez security update (circl)
- https://security.netapp.com/advisory/ntap-20211203-0004/ (circl)
- [debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update (circl)
Timeline
- Nov 12, 2021 CVE Published
- Nov 13, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 7, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 28, 2022 EPSS Score
- Jun 23, 2022 EPSS Score
- Aug 18, 2022 EPSS Score
- Oct 13, 2022 EPSS Score
- Dec 7, 2022 EPSS Score
- Feb 1, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1836.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1836 advisory
- https://access.redhat.com/errata/RHSA-2022:2081 advisory
- https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-September/016232.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-January/017715.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-January/017714.html advisory
- https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html advisory
- https://linux.oracle.com/errata/ELSA-2024-11154.html advisory