VDB

GCVE-VVD-MAGEIA-2021-281

GCVE-VVD-MAGEIA-2021-281
Advisory Published
Vulnetix · Advisory published June 23, 2021
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (CVE-2020-26558). The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading (CVE-2021-3588).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiabluez0 (affected), 5.54-1.2.mga7 (unaffected)
Mageiabluez0 (affected), 5.55-3.1.mga8 (unaffected)

Aliases

CVE-2021-3588

Transitive aliases

GHSA-3h8m-q4x3-3fhwGSD-2021-3588MSRC_CVE-2021-3588CNVD-2021-44978VVD-GENTOO-2021-797712BDU:2021-05651EUVD-2021-26896OPENSUSE-SU-2024:12446-1OPENSUSE-SU-2021:2459-1SUSE-SU-2021:2459-1

References

Updated bluez packages fix security vulnerability
advisory
Updated bluez packages fix security vulnerability
advisory
Updated bluez packages fix security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›