CVE-2023-44431:
BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This...

CVSS Score: 7.1 (CVSS 3.0)

Basic Information

EPSS Score: 0.82573%
Published: 5/3/2024
Updated: 5/3/2024
KEV Status: No
Technology: -

Technical Details

CVSS Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Intelligence
Root Cause Analysis

The provided information and the content fetched from the URLs do not contain specific commit details or code patches related to the vulnerability CVE-2023-44431. The descriptions consistently mention a stack-based buffer overflow in the AVRCP protocol handling within BlueZ, due to improper validation of user-supplied data length. However, without the actual code changes, it's impossible to pinpoint the exact vulnerable functions. Therefore, I cannot confidently identify the vulnerable functions based on the available information.