{"api_version":"1","generated_at":"2026-04-23T04:08:14+00:00","cve":"CVE-2017-1000250","urls":{"html":"https://cve.report/CVE-2017-1000250","api":"https://cve.report/api/cve/CVE-2017-1000250.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-1000250","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000250"},"summary":{"title":"CVE-2017-1000250","description":"All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-09-12 17:29:00","updated_at":"2018-02-17 02:29:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www.debian.org/security/2017/dsa-3972","name":"DSA-3972","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-3972-1 bluez","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.kb.cert.org/vuls/id/240311","name":"VU#240311","refsource":"CERT-VN","tags":["Third Party Advisory","US Government Resource"],"title":"Vulnerability Note VU#240311 - Multiple Bluetooth implementation vulnerabilities affect many devices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561","name":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for “BlueBorne” and “Dnsmasq”. | NVIDIA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/100814","name":"100814","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"BlueZ CVE-2017-1000250 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://access.redhat.com/security/vulnerabilities/blueborne","name":"https://access.redhat.com/security/vulnerabilities/blueborne","refsource":"CONFIRM","tags":["Not Applicable"],"title":"Blueborne - Linux Kernel Remote Denial of Service in Bluetooth subsystem - CVE-2017-1000251 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2017-1000250","name":"https://access.redhat.com/security/cve/CVE-2017-1000250","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory","VDB Entry"],"title":"CVE-2017-1000250 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2017:2685","name":"RHSA-2017:2685","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.armis.com/blueborne","name":"https://www.armis.com/blueborne","refsource":"MISC","tags":["Exploit","Technical Description","Third Party Advisory"],"title":"BlueBorne Information from the Research Team - Armis Labs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne","name":"https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne","refsource":"CONFIRM","tags":[],"title":"Synology-SA-17:52 BlueBorne | Synology Inc.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-1000250","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000250","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"1000250","vulnerable":"1","versionEndIncluding":"5.46","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bluez","cpe5":"bluez","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-1000250","qid":"378253","title":"Virtuozzo Linux Security Update for bluez-cups (VZLSA-2017:2685)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","DATE_ASSIGNED":"2017-09-08","ID":"CVE-2017-1000250","REQUESTER":"security@armis.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://access.redhat.com/security/vulnerabilities/blueborne","refsource":"CONFIRM","url":"https://access.redhat.com/security/vulnerabilities/blueborne"},{"name":"https://www.armis.com/blueborne","refsource":"MISC","url":"https://www.armis.com/blueborne"},{"name":"DSA-3972","refsource":"DEBIAN","url":"http://www.debian.org/security/2017/dsa-3972"},{"name":"https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne","refsource":"CONFIRM","url":"https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"},{"name":"100814","refsource":"BID","url":"http://www.securityfocus.com/bid/100814"},{"name":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561","refsource":"CONFIRM","url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561"},{"name":"VU#240311","refsource":"CERT-VN","url":"https://www.kb.cert.org/vuls/id/240311"},{"name":"RHSA-2017:2685","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2685"}]}},"nvd":{"publishedDate":"2017-09-12 17:29:00","lastModifiedDate":"2018-02-17 02:29:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:N/A:N","accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3},"severity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*","versionEndIncluding":"5.46","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"1000250","Ordinal":"111773","Title":"CVE-2017-1000250","CVE":"CVE-2017-1000250","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"1000250","Ordinal":"1","NoteData":"All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"1000250","Ordinal":"2","NoteData":"2017-09-12","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"1000250","Ordinal":"3","NoteData":"2018-02-16","Type":"Other","Title":"Modified"}]}}}