
There is a memory leak vulnerability in the SDP protocol handler, which will cause a resource-consuming DoS

Moderate
Vudentz published GHSA-3fqg-r8j5-f5xq Nov 12, 2021

Package

BlueZ

Affected versions

5.58

Patched versions

None

Description

The vulnerability exists in sdp_cstate_alloc_buf:
sdp_cstate_list_t *cstate = malloc(sizeof(sdp_cstate_list_t)); /* one list node per request */
uint8_t *data = malloc(buf->data_size);                        /* copy of the response buffer, which may be large */
cstate->buf.data = data;
cstate->timestamp = sdp_get_time();
cstate->next = cstates;                                        /* linked at the head of the global cstates list */
However, cstate always remains linked into the singly linked cstates list and is never freed, so each request leaks a node and its data buffer. This is a memory leak vulnerability.
The data buffer can be a very large object, so an attacker who continuously sends SDP packets exhausts memory until the SDP service on the target device crashes.
I use this vulnerability to coordinate the memory layout.
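To make the leak and its mitigation concrete, here is an added example that is not BlueZ code: a constructed toy model of the continuation-state cache following the pattern quoted above, beside a bounded variant that caps the number of cached entries and expires stale ones. The names (cstate_alloc_leaky, cstate_alloc_bounded), the cap MAX_CSTATES and the lifetime CSTATE_TTL_S are assumptions for illustration, not values from BlueZ.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy model of an SDP continuation-state cache (added example, not BlueZ source). */
typedef struct { uint8_t *data; size_t data_size; } buf_t;

typedef struct cstate_list {
    buf_t buf;                 /* copied response data kept for the continuation */
    uint32_t timestamp;        /* seconds, like the advisory's sdp_get_time() */
    struct cstate_list *next;
} cstate_list_t;

static cstate_list_t *cstates;  /* global singly linked list, newest entry first */
static size_t live_entries;     /* nodes currently linked */

/* Leaky pattern from the advisory: every request allocates a node plus a buffer copy
 * and links it at the head; nothing ever unlinks or frees it. */
static cstate_list_t *cstate_alloc_leaky(const buf_t *buf, uint32_t now)
{
    cstate_list_t *c = calloc(1, sizeof(*c));
    if (!c) return NULL;
    c->buf.data = malloc(buf->data_size);
    if (!c->buf.data) { free(c); return NULL; }
    memcpy(c->buf.data, buf->data, buf->data_size);
    c->buf.data_size = buf->data_size;
    c->timestamp = now;
    c->next = cstates;
    cstates = c;
    live_entries++;
    return c;
}

static void cstate_free(cstate_list_t *c) { free(c->buf.data); free(c); live_entries--; }

/* Hardened variant: cap cached continuations and drop stale ones, so a request flood
 * can pin at most MAX_CSTATES buffers at any time. Both limits are assumed values. */
#define MAX_CSTATES 8
#define CSTATE_TTL_S 30

static void cstate_expire(uint32_t now)
{
    cstate_list_t **pp = &cstates;
    while (*pp) {
        cstate_list_t *c = *pp;
        if (now - c->timestamp > CSTATE_TTL_S) { *pp = c->next; cstate_free(c); } /* unlink, then free */
        else pp = &c->next;
    }
}

static void cstate_evict_oldest(void)
{
    cstate_list_t **pp = &cstates;
    if (!*pp) return;
    while ((*pp)->next) pp = &(*pp)->next;   /* newest-first list: the oldest entry is the tail */
    cstate_list_t *old = *pp;
    *pp = NULL;
    cstate_free(old);
}

static cstate_list_t *cstate_alloc_bounded(const buf_t *buf, uint32_t now)
{
    cstate_expire(now);
    while (live_entries >= MAX_CSTATES) cstate_evict_oldest();
    return cstate_alloc_leaky(buf, now);   /* same allocation, now under a bound */
}

static void cstate_reset(void)
{
    while (cstates) { cstate_list_t *n = cstates->next; cstate_free(cstates); cstates = n; }
}

/* Simulate `requests` back-to-back SDP requests (constructed 64-byte payload, one per
 * second), optionally let `idle_after` seconds pass, and report how many entries remain. */
static size_t run(size_t requests, int bounded, uint32_t idle_after)
{
    uint8_t payload[64] = {0};
    buf_t b = { payload, sizeof payload };
    cstate_reset();
    for (size_t i = 0; i < requests; i++)
        (bounded ? cstate_alloc_bounded : cstate_alloc_leaky)(&b, (uint32_t)i);
    if (bounded && idle_after) cstate_expire((uint32_t)requests + idle_after);
    size_t n = live_entries;
    cstate_reset();                        /* release what the simulation allocated */
    return n;
}

size_t leaky_entries_after(size_t requests) { return run(requests, 0, 0); }
size_t bounded_entries_after(size_t requests) { return run(requests, 1, 0); }
size_t bounded_entries_after_idle(size_t requests, uint32_t idle_s) { return run(requests, 1, idle_s); }

int main(void)
{
    printf("leaky:   %zu entries after 1000 requests\n", leaky_entries_after(1000));
    printf("bounded: %zu entries after 1000 requests\n", bounded_entries_after(1000));
    printf("bounded: %zu entries after 60 s idle\n", bounded_entries_after_idle(1000, 60));
    return 0;
}
```

The leaky variant grows without bound (one node and one buffer per request), which is the resource-exhaustion condition the advisory describes; the bounded variant keeps memory use proportional to MAX_CSTATES regardless of request rate, and the expiry pass releases everything once traffic stops. In a real fix the entry would also be freed when the client finishes or abandons the continuation, which this model omits.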

Severity

Moderate

CVE ID

CVE-2021-41229

Weaknesses

No CWEs