Showing 1 - 4 of 4

CVE-2023-45866

Status Candidate

Overview

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Related Files

Gentoo Linux Security Advisory 202401-03: Posted Jan 5, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202401-3 - Multiple vulnerabilities have been discovered in Bluez, the worst of which can lead to privilege escalation. Versions greater than or equal to 5.70-r1 are affected.; tags | advisory, vulnerability; systems | linux, gentoo; advisories | CVE-2023-45866; SHA-256 | 00bcf7d7f39e7957ade6ec3d65eccb58e969676ea0a1c77b50884d272960344f; Download | Favorite | View

Debian Security Advisory 5584-1: Posted Dec 22, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5584-1 - It was reported that the BlueZ's HID profile implementation is not inline with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to "true" to make sure that input connections only come from bonded device connections.; tags | advisory; systems | linux, debian; advisories | CVE-2023-45866; SHA-256 | c60c03d128a6806b3f8d0e7cf027c5d53155058c8e252594daf8af61d204802d; Download | Favorite | View

Apple Security Advisory 12-11-2023-2: Posted Dec 13, 2023; Authored by Apple | Site apple.com; Apple Security Advisory 12-11-2023-2 - iOS 17.2 and iPadOS 17.2 addresses code execution and spoofing vulnerabilities.; tags | advisory, spoof, vulnerability, code execution; systems | apple, ios; advisories | CVE-2023-42883, CVE-2023-42884, CVE-2023-42890, CVE-2023-42897, CVE-2023-42898, CVE-2023-42899, CVE-2023-42914, CVE-2023-42919, CVE-2023-42922, CVE-2023-42923, CVE-2023-42927, CVE-2023-45866; SHA-256 | 0438f0a9537e5a05a2fce86952d5d7e45b1197dfffe609685a02eb3c1566aa69; Download | Favorite | View

Ubuntu Security Notice USN-6540-1: Posted Dec 7, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6540-1 - It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable.; tags | advisory, arbitrary; systems | linux, ubuntu; advisories | CVE-2023-45866; SHA-256 | 8a870ceb8e8b80fecb7bdf6531423f8e70b239e9839c50be042ab87d8f8c36d4; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2023-45866

Overview

Related Files

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems