ZDI-23-1905: BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2023-51592.

attackers audio bluetooth bluez connect cve cves cvss device disclosure exploit information information disclosure information disclosure vulnerability malicious network out-of-bounds profile rating sensitive sensitive information target vulnerability zdi