ByteOS Network

NVD Vulnerability Details :

CVE-2021-41229

Modified

Source-security-advisories@github.com

Published At-12 Nov, 2021 | 23:15

Updated At-04 Nov, 2025 | 16:15

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.3	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	3.3	LOW	AV:A/AC:L/Au:N/C:N/I:N/A:P

Type: Secondary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 3.3

Base severity: LOW

Vector:

AV:A/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

BlueZ

>>bluez>>5.58

cpe:2.3:a:bluez:bluez:5.58:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>9.0

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>10.0

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-400	Secondary	security-advisories@github.com
CWE-401	Primary	nvd@nist.gov

CWE ID: CWE-400

Type: Secondary

Source: security-advisories@github.com

CWE ID: CWE-401

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq	security-advisories@github.com	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00022.html	security-advisories@github.com	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html	security-advisories@github.com	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20211203-0004/	security-advisories@github.com	Third Party Advisory
https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00022.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://security.netapp.com/advisory/ntap-20211203-0004/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory