CVE-2008-2374

Publication date 7 July 2008

Last updated 25 August 2025

Ubuntu priority

Low

Why this priority?

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

Description

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

Read the notes from the security team

Status

Package Ubuntu Release Status
bluez 11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid
Not affected
9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper Not in release
bluez-libs 11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Ignored end of life
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.06 LTS dapper Ignored end of life
bluez-utils 11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Ignored end of life
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.06 LTS dapper Ignored end of life

Notes

mdeslaur

bluez-utils and bluez-libs only

Severity score breakdown

CVSS version: CVSS v3.0

Base score 9.8 · Critical

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Other references

Access our resources on patching vulnerabilities