CVE-2018-5383: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
First published: Fri Jun 01 2018(Updated: )
A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service. External References: <a href="https://www.kb.cert.org/vuls/id/304725">https://www.kb.cert.org/vuls/id/304725</a> <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html</a> <a href="https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update">https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update</a>
Credit: Lior Neumann Eli Biham Lior Neumann Eli Biham Lior Neumann Eli Biham Lior Neumann Eli Biham Lior Neumann Eli Biham cret@cert.org cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <12 | 12 |
| Google Android | ||
| debian/firmware-nonfree | 20210315-3 20230210-5 20241210-1 | |
| Apple macOS | <10.14 | 10.14 |
| Apple macOS | <10.13.5 | 10.13.5 |
| Apple Sierra | ||
| Apple El Capitan | ||
| Google Android | =6.0 | |
| Google Android | =6.0.1 | |
| Google Android | =7.0 | |
| Google Android | =7.1.1 | |
| Google Android | =7.1.2 | |
| Google Android | =8.0 | |
| Google Android | =8.1 | |
| Apple iPhone OS | <11.4 | |
| macOS Yosemite | <10.13 | |
| tvOS | <12 | 12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cs.technion.ac.il/~biham/BT/
- https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
- https://www.kb.cert.org/vuls/id/304725
- http://www.securityfocus.com/bid/104879
- http://www.securitytracker.com/id/1041432
- https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:2169
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4095-1/
- https://usn.ubuntu.com/4095-2/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4351-1/
- https://launchpad.net/bugs/cve/CVE-2018-5383
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1615683
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1615706
- https://access.redhat.com/security/cve/cve-2018-5383
- https://bugzilla.redhat.com/show_bug.cgi?id=1614159
- https://support.apple.com/en-us/HT209139 (Advisory)
- https://support.apple.com/en-us/HT208937 (Advisory)
- https://support.apple.com/en-us/HT208849 (Advisory)
- https://support.apple.com/en-us/HT209107 (Advisory)
- https://support.apple.com/en-us/HT209106 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2018-5383
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5383
- https://nvd.nist.gov/vuln/detail/CVE-2018-5383
- https://ubuntu.com/security/CVE-2018-5383
- https://source.android.com/docs/security/bulletin/2018-08-01/#asterisk
- https://source.android.com/docs/security/bulletin/2018-08-01
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4322
- CVE-2018-4321
- CVE-2018-5383
- CVE-2018-4126
- CVE-2018-4412
- CVE-2018-4414
- CVE-2018-4356
- CVE-2018-4347
- CVE-2018-4333
- CVE-2018-4433
- CVE-2018-4426
- CVE-2018-4331
- CVE-2018-4332
- CVE-2018-4343
- CVE-2018-4355
- CVE-2018-4408
- CVE-2018-4341
- CVE-2018-4354
- CVE-2018-4383
- CVE-2018-4335
- CVE-2018-4401
- CVE-2018-4305
- CVE-2018-4363
- CVE-2018-4336
- CVE-2018-4337
- CVE-2018-4340
- CVE-2018-4344
- CVE-2018-4425
- CVE-2018-4399
- CVE-2018-4407
- CVE-2018-4326
- CVE-2018-4310
- CVE-2018-4313
- CVE-2018-4352
- CVE-2018-4329
- CVE-2018-4307
- CVE-2018-4362
- CVE-2018-4395
- CVE-2016-1777
- CVE-2018-4325
- CVE-2018-4203
- CVE-2018-4304
- CVE-2018-4309
- CVE-2018-4361
- CVE-2018-4474
- CVE-2018-4311
- CVE-2018-4299
- CVE-2018-4323
- CVE-2018-4328
- CVE-2018-4358
- CVE-2018-4359
- CVE-2018-4360
- CVE-2018-4319
- CVE-2018-4316
- CVE-2018-4191
- CVE-2018-4345
- CVE-2018-4315
- CVE-2018-4197
- CVE-2018-4312
- CVE-2018-4306
- CVE-2018-4318
- CVE-2018-4317
- CVE-2018-4314
- CVE-2018-4295
- CVE-2018-4324
- CVE-2018-4417
- CVE-2018-4353
- CVE-2017-12613
- CVE-2017-12618
- CVE-2018-4411
- CVE-2018-4308
- CVE-2018-4153
- CVE-2018-4406
- CVE-2018-4346
- CVE-2018-4296
- CVE-2019-8643
- CVE-2017-5731
- CVE-2017-5732
- CVE-2017-5733
- CVE-2017-5734
- CVE-2017-5735
- CVE-2018-3646
- CVE-2018-4396
- CVE-2018-4418
- CVE-2018-4351
- CVE-2018-4350
- CVE-2018-4334
- CVE-2018-4451
- CVE-2018-4456
- CVE-2015-3194
- CVE-2015-5333
- CVE-2015-5334
- CVE-2016-0702
- CVE-2018-4348
- CVE-2018-3639
- CVE-2018-4393
- CVE-2018-4338
- CVE-2018-4196
- CVE-2018-4253
- CVE-2018-4256
- CVE-2018-4255
- CVE-2018-4254
- CVE-2018-4258
- CVE-2018-4257
- CVE-2018-7584
- CVE-2018-4219
- CVE-2018-4171
- CVE-2018-4194
- CVE-2018-4180
- CVE-2018-4181
- CVE-2018-4182
- CVE-2018-4183
- CVE-2018-4478
- CVE-2018-4251
- CVE-2018-4211
- CVE-2018-4229
- CVE-2018-4159
- CVE-2018-4242
- CVE-2018-4202
- CVE-2018-4217
- CVE-2018-4141
- CVE-2018-4228
- CVE-2018-4236
- CVE-2018-4234
- CVE-2018-4249
- CVE-2018-8897
- CVE-2018-4241
- CVE-2018-4243
- CVE-2018-4237
- CVE-2018-4404
- CVE-2018-4227
- CVE-2018-4235
- CVE-2018-4240
- CVE-2018-4230
- CVE-2018-4221
- CVE-2018-4223
- CVE-2018-4224
- CVE-2018-4225
- CVE-2018-4226
- CVE-2018-4184
- CVE-2018-4198
- CVE-2018-4193
- CVE-2018-4470
- CVE-2018-4289
- CVE-2018-4268
- CVE-2018-4285
- CVE-2018-4293
- CVE-2018-4269
- CVE-2018-4276
- CVE-2018-4178
- CVE-2018-4283
- CVE-2018-3665
- CVE-2018-4259
- CVE-2018-4286
- CVE-2018-4287
- CVE-2018-4288
- CVE-2018-4291
- CVE-2018-4280
- CVE-2018-4248
- CVE-2018-4277
- CVE-2018-6797
- CVE-2018-6913
- CVE-2017-0898
- CVE-2017-10784
- CVE-2017-14033
- CVE-2017-14064
- CVE-2017-17405
- CVE-2017-17742
- CVE-2018-6914
- CVE-2018-8777
- CVE-2018-8778
- CVE-2018-8779
- CVE-2018-8780
- CVE-2018-4274
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-5383
- agent/author
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/weakness
- agent/remedy
- agent/title
- agent/severity
- agent/references
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- collector/security-tracker-debian
- source/Debian
- agent/source
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- vendor/apple
- canonical/apple ios
- vendor/google
- canonical/google android
- package-manager/debian
- canonical/apple macos
- canonical/apple sierra
- canonical/apple el capitan
- version/google android/6.0
- version/google android/6.0.1
- version/google android/7.0
- version/google android/7.1.1
- version/google android/7.1.2
- version/google android/8.0
- version/google android/8.1
- canonical/apple iphone os
- canonical/macos yosemite
- canonical/tvos