CVE-2023-51580 is an out-of-bounds read in BlueZ's AVRCP profile, specifically in the function avrcp_parse_attribute_list. Analysis of the profiles/audio/avrcp.c source code confirms this. avrcp_parse_attribute_list parses attribute data from a buffer, reading a length field (len) for each attribute and using it both to advance the read pointer and to decide how many bytes to access. This len is not validated against the number of bytes remaining in the buffer, so a len larger than the remaining data causes an out-of-bounds read.
The functions that call avrcp_parse_attribute_list are also identified as processing potentially malicious input. These are typically response handlers for AVRCP commands, where BlueZ acts as a client (Controller) receiving data from a potentially malicious server (Target). These include:
- avrcp_get_element_attributes_rsp: handles responses for GET_ELEMENT_ATTRIBUTES.
- avrcp_get_item_attributes_rsp: handles responses for GET_ITEM_ATTRIBUTES.
- parse_media_element: parses media element items; called by avrcp_list_items_rsp.
- avrcp_list_items_rsp: handles responses for GET_FOLDER_ITEMS and calls parse_media_element.

These functions would appear in a runtime profile when the vulnerability is triggered because they are directly involved in receiving, parsing, and processing the malformed AVRCP packet that causes the out-of-bounds read in avrcp_parse_attribute_list.
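As an added example (not BlueZ's code), a bounds-checked version of the kind of parse the text describes. The entry layout assumed here is a 4-byte attribute id, 2-byte character set id, 2-byte value length, then the value, all big-endian; the parser rejects any entry whose header or declared length runs past the end of the buffer instead of advancing into it.

```c
#include <stdint.h>
#include <stddef.h>

/* Parsed view of one attribute; value points into the caller's buffer. */
struct avrcp_attr {
	uint32_t id;
	uint16_t charset;
	uint16_t len;
	const uint8_t *value;
};

static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | (p[2] << 8) | p[3];
}

/*
 * Parse up to `count` attributes from buf[0..buflen) into out[].
 * Returns the number parsed, or -1 if an entry header or its declared
 * value length would extend past buflen (the check the text says is missing).
 */
int parse_attribute_list(const uint8_t *buf, size_t buflen, unsigned count,
			 struct avrcp_attr *out, size_t max_out)
{
	size_t off = 0;
	unsigned i;

	for (i = 0; i < count && i < max_out; i++) {
		if (buflen - off < 8)		/* room for id + charset + len? */
			return -1;
		uint16_t len = get_be16(buf + off + 6);
		if (len > buflen - off - 8)	/* value must fit in what remains */
			return -1;
		out[i].id = get_be32(buf + off);
		out[i].charset = get_be16(buf + off + 4);
		out[i].len = len;
		out[i].value = buf + off + 8;
		off += 8 + len;		/* safe: both terms already checked */
	}
	return (int)i;
}

/* Constructed sample: one attribute, id 1, charset 0x006a, value "abc". */
static const uint8_t good_pkt[] = { 0,0,0,1, 0x00,0x6a, 0,3, 'a','b','c' };
/* Constructed sample: same header, but len claims 0x7fff bytes that are absent. */
static const uint8_t bad_pkt[]  = { 0,0,0,1, 0x00,0x6a, 0x7f,0xff, 'a','b','c' };

int demo_good(void) { struct avrcp_attr a[4]; return parse_attribute_list(good_pkt, sizeof good_pkt, 1, a, 4); }
int demo_good_len(void) { struct avrcp_attr a[4]; parse_attribute_list(good_pkt, sizeof good_pkt, 1, a, 4); return a[0].len; }
int demo_bad(void)  { struct avrcp_attr a[4]; return parse_attribute_list(bad_pkt, sizeof bad_pkt, 1, a, 4); }
```

The second sample is the malformed case: an unchecked parser would advance off by 8 + 0x7fff and read far past the 11-byte buffer, while this one returns -1 before touching any value bytes.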