How severe is CVE-2023-51594?

This vulnerability has a severity rating of LOW with a CVSS score of 2.6 out of 10.

What type of vulnerability is CVE-2023-51594?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2023-51594 - LOW Severity | CVSS 2.6

Vulnerability Description

BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20937.

Related Vulnerabilities

CVE-2019-15662

LOW

CVSS:2.7(Low)

An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120444 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an arbi...

CWE-1252019

CVE-2019-15663

LOW

CVSS:2.7(Low)

An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120404 in KfeCo10X64.sys fails to validate an offset passed as a parameter during a memory operation, leading to an out-...

CWE-1252019

CVE-2019-15664

LOW

CVSS:2.7(Low)

CWE-1252019

CVE-2020-11040

LOW

CVSS:2.7(Low)

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.

CWE-1252020

CVE-2020-11043

LOW

CVSS:2.7(Low)

In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched i...

CWE-1252020

CVE-2021-29473

LOW

CVSS:2.5(Low)

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2...

CWE-1252021