CVE-2008-2374 Detail
Modified After Enrichment
This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
Description
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
Metrics
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:
NVD assessment not yet provided.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Vector Strings:
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
References to Advisories, Solutions, and Tools
URL | Source(s) | Tag(s)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html | CVE, Red Hat, Inc. | Third Party Advisory
http://secunia.com/advisories/30957 | CVE, Red Hat, Inc. | Broken Link, Vendor Advisory
http://secunia.com/advisories/31057 | CVE, Red Hat, Inc. | Broken Link
http://secunia.com/advisories/31833 | CVE, Red Hat, Inc. | Broken Link
http://secunia.com/advisories/32099 | CVE, Red Hat, Inc. | Broken Link
http://secunia.com/advisories/32279 | CVE, Red Hat, Inc. | Broken Link
http://secunia.com/advisories/34280 | CVE, Red Hat, Inc. | Broken Link
http://security.gentoo.org/glsa/glsa-200903-29.xml | CVE, Red Hat, Inc. | Third Party Advisory
http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com | CVE, Red Hat, Inc. | Broken Link, Exploit
http://www.bluez.org/bluez-334/ | CVE, Red Hat, Inc. | Product
http://www.mandriva.com/security/advisories?name=MDVSA-2008:145 | CVE, Red Hat, Inc. | Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0581.html | CVE, Red Hat, Inc. | Broken Link
http://www.securityfocus.com/bid/30105 | CVE, Red Hat, Inc. | Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1020479 | CVE, Red Hat, Inc. | Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2008/2096/references | CVE, Red Hat, Inc. | Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973 | CVE, Red Hat, Inc. | Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html | CVE, Red Hat, Inc. | Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html | CVE, Red Hat, Inc. | Mailing List
Weakness Enumeration
CWE-ID | CWE Name | Source
CWE-1284 | Improper Validation of Specified Quantity in Input | NIST, CISA-ADP
Change History
9 change records found
CVE Modified by CISA-ADP
6/16/2026 6:53:39 PM
Action | Type | Old Value | New Value
Added | SSVC | | {"timestamp":"2025-01-17T15:15:23.751667Z","id":"CVE-2008-2374","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}
CVE Modified by Red Hat, Inc.
6/16/2026 6:53:39 PM
Action | Type | Old Value | New Value
Added | Affected | | [{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]
CVE Status Change
4/22/2026 8:35:47 PM
Action | Type | Old Value | New Value
CVE Modified by CISA-ADP
1/17/2025 11:15:25 AM
Action | Type | Old Value | New Value
Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added | CWE | | CWE-1284
CVE Modified by CVE
11/20/2024 7:46:44 PM
Action | Type | Old Value | New Value
Added | Reference | | http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
Added | Reference | | http://secunia.com/advisories/30957
Added | Reference | | http://secunia.com/advisories/31057
Added | Reference | | http://secunia.com/advisories/31833
Added | Reference | | http://secunia.com/advisories/32099
Added | Reference | | http://secunia.com/advisories/32279
Added | Reference | | http://secunia.com/advisories/34280
Added | Reference | | http://security.gentoo.org/glsa/glsa-200903-29.xml
Added | Reference | | http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com
Added | Reference | | http://www.bluez.org/bluez-334/
Added | Reference | | http://www.mandriva.com/security/advisories?name=MDVSA-2008:145
Added | Reference | | http://www.redhat.com/support/errata/RHSA-2008-0581.html
Added | Reference | | http://www.securityfocus.com/bid/30105
Added | Reference | | http://www.securitytracker.com/id?1020479
Added | Reference | | http://www.vupen.com/english/advisories/2008/2096/references
Added | Reference | | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973
Added | Reference | | https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html
Added | Reference | | https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html
CVE Modified by Red Hat, Inc.
5/13/2024 9:53:08 PM
Action | Type | Old Value | New Value
Modified Analysis by NIST
2/13/2024 11:09:59 AM
Action | Type | Old Value | New Value
Added | CWE | | NIST CWE-1284
Removed | CWE | NIST CWE-20 |
Removed | CWE | NIST NVD-CWE-noinfo |
Changed | CPE Configuration | OR *cpe:2.3:a:bluez:bluez_libs:*:*:*:*:*:*:*:* versions up to (including) 3.30; *cpe:2.3:a:bluez:bluez_utils:*:*:*:*:*:*:*:* versions up to (including) 3.33 | OR *cpe:2.3:a:bluez:bluez-libs:*:*:*:*:*:*:*:* versions up to (excluding) 3.34; *cpe:2.3:a:bluez:bluez-utils:*:*:*:*:*:*:*:* versions up to (excluding) 3.34
Added | CPE Configuration | | OR *cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*; *cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
Changed | Reference Type | http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html No Types Assigned | http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html Third Party Advisory
Changed | Reference Type | http://secunia.com/advisories/30957 Vendor Advisory | http://secunia.com/advisories/30957 Broken Link, Vendor Advisory
Changed | Reference Type | http://secunia.com/advisories/31057 No Types Assigned | http://secunia.com/advisories/31057 Broken Link
Changed | Reference Type | http://secunia.com/advisories/31833 No Types Assigned | http://secunia.com/advisories/31833 Broken Link
Changed | Reference Type | http://secunia.com/advisories/32099 No Types Assigned | http://secunia.com/advisories/32099 Broken Link
Changed | Reference Type | http://secunia.com/advisories/32279 No Types Assigned | http://secunia.com/advisories/32279 Broken Link
Changed | Reference Type | http://secunia.com/advisories/34280 No Types Assigned | http://secunia.com/advisories/34280 Broken Link
Changed | Reference Type | http://security.gentoo.org/glsa/glsa-200903-29.xml No Types Assigned | http://security.gentoo.org/glsa/glsa-200903-29.xml Third Party Advisory
Changed | Reference Type | http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com Exploit | http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com Broken Link, Exploit
Changed | Reference Type | http://www.bluez.org/bluez-334/ No Types Assigned | http://www.bluez.org/bluez-334/ Product
Changed | Reference Type | http://www.mandriva.com/security/advisories?name=MDVSA-2008:145 No Types Assigned | http://www.mandriva.com/security/advisories?name=MDVSA-2008:145 Broken Link
Changed | Reference Type | http://www.redhat.com/support/errata/RHSA-2008-0581.html No Types Assigned | http://www.redhat.com/support/errata/RHSA-2008-0581.html Broken Link
Changed | Reference Type | http://www.securityfocus.com/bid/30105 No Types Assigned | http://www.securityfocus.com/bid/30105 Broken Link, Third Party Advisory, VDB Entry
Changed | Reference Type | http://www.securitytracker.com/id?1020479 No Types Assigned | http://www.securitytracker.com/id?1020479 Broken Link, Third Party Advisory, VDB Entry
Changed | Reference Type | http://www.vupen.com/english/advisories/2008/2096/references No Types Assigned | http://www.vupen.com/english/advisories/2008/2096/references Broken Link
Changed | Reference Type | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973 No Types Assigned | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973 Broken Link
Changed | Reference Type | https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html No Types Assigned | https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html Mailing List
Changed | Reference Type | https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html No Types Assigned | https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html Mailing List
CVE Modified by Red Hat, Inc.
9/28/2017 9:31:08 PM
Action | Type | Old Value | New Value
Added | Reference | | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973 [No Types Assigned]
Removed | Reference | http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9973 [No Types Assigned] |
Initial CVE Analysis
7/08/2008 10:52:00 AM
Action | Type | Old Value | New Value
Quick Info
CVE Dictionary Entry: CVE-2008-2374
NVD Published Date: 07/07/2008
NVD Last Modified: 06/16/2026
Source: Red Hat, Inc.