CVE-2017-1000250

medium
Published 2017-09-12 · Modified 2026-05-13
CVSS v3
6.5
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2
3.3
VIR risk
6.5

Description

All versions of the SDP server in BlueZ 5.46 and earlier are affected by an information disclosure vulnerability that allows remote attackers to obtain sensitive information from the bluetoothd process memory. The flaw lies in the processing of SDP search attribute requests.

Predictions

Exploit likelihood
65%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2017-1000250.html

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2017-1000250

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201709-3

OS impact

OS | Version | Status | Fixed in
debian | bookworm | fixed | 5.46-1
debian | bullseye | fixed | 5.46-1
debian | forky | fixed | 5.46-1
debian | sid | fixed | 5.46-1
debian | trixie | fixed | 5.46-1
suse sles | | affected |
arch | | fixed | 5.46-2

Application impact

Vendor | Product | Versions | Fixed
bluez | bluez | {"endIncluding":"5.46"} |

References

CWEs

CWE-200
