CVE-2018-5383: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
First published: Fri Jun 01 2018(Updated: )
A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service. External References: <a href="https://www.kb.cert.org/vuls/id/304725">https://www.kb.cert.org/vuls/id/304725</a> <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html</a> <a href="https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update">https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update</a>
Credit: Lior Neumann Eli Biham Lior Neumann Eli Biham Lior Neumann Eli Biham Lior Neumann Eli Biham Lior Neumann Eli Biham cret@cert.org cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Mojave | <10.14 | 10.14 |
| Apple macOS High Sierra | <10.13.6 | 10.13.6 |
| Apple Sierra | ||
| Apple El Capitan | ||
| Apple tvOS | <12 | 12 |
| Apple iOS | <12 | 12 |
| Google Android | =6.0 | |
| Google Android | =6.0.1 | |
| Google Android | =7.0 | |
| Google Android | =7.1.1 | |
| Google Android | =7.1.2 | |
| Google Android | =8.0 | |
| Google Android | =8.1 | |
| Apple iPhone OS | <11.4 | |
| Apple Mac OS X | <10.13 | |
| Google Android | ||
| debian/firmware-nonfree | 20210315-3 20230210-5 20240909-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cs.technion.ac.il/~biham/BT/
- https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
- https://www.kb.cert.org/vuls/id/304725
- http://www.securityfocus.com/bid/104879
- http://www.securitytracker.com/id/1041432
- https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:2169
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4095-1/
- https://usn.ubuntu.com/4095-2/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4351-1/
- https://launchpad.net/bugs/cve/CVE-2018-5383
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1615683
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1615706
- https://access.redhat.com/security/cve/cve-2018-5383
- https://bugzilla.redhat.com/show_bug.cgi?id=1614159
- https://support.apple.com/en-us/HT209139 (Advisory)
- https://support.apple.com/en-us/HT208937 (Advisory)
- https://support.apple.com/en-us/HT208849 (Advisory)
- https://support.apple.com/en-us/HT209107 (Advisory)
- https://support.apple.com/en-us/HT209106 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2018-5383
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5383
- https://nvd.nist.gov/vuln/detail/CVE-2018-5383
- https://ubuntu.com/security/CVE-2018-5383
- https://source.android.com/docs/security/bulletin/2018-08-01/#asterisk
- https://source.android.com/docs/security/bulletin/2018-08-01 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-5383
- CVE-2018-4295
- CVE-2018-4324
- CVE-2018-4417
- CVE-2018-4353
- CVE-2017-12613
- CVE-2017-12618
- CVE-2018-4411
- CVE-2018-4308
- CVE-2018-4321
- CVE-2018-4126
- CVE-2018-4412
- CVE-2018-4414
- CVE-2018-4347
- CVE-2018-4333
- CVE-2018-4153
- CVE-2018-4406
- CVE-2018-4346
- CVE-2018-4296
- CVE-2018-4433
- CVE-2019-8643
- CVE-2017-5731
- CVE-2017-5732
- CVE-2017-5733
- CVE-2017-5734
- CVE-2017-5735
- CVE-2018-4426
- CVE-2018-4331
- CVE-2018-4332
- CVE-2018-4343
- CVE-2018-3646
- CVE-2018-4355
- CVE-2018-4396
- CVE-2018-4418
- CVE-2018-4351
- CVE-2018-4350
- CVE-2018-4334
- CVE-2018-4451
- CVE-2018-4456
- CVE-2018-4408
- CVE-2018-4341
- CVE-2018-4354
- CVE-2018-4383
- CVE-2018-4401
- CVE-2018-4399
- CVE-2018-4407
- CVE-2018-4336
- CVE-2018-4337
- CVE-2018-4340
- CVE-2018-4344
- CVE-2018-4425
- CVE-2015-3194
- CVE-2015-5333
- CVE-2015-5334
- CVE-2016-0702
- CVE-2018-4348
- CVE-2018-4326
- CVE-2018-4310
- CVE-2018-3639
- CVE-2018-4395
- CVE-2016-1777
- CVE-2018-4393
- CVE-2018-4203
- CVE-2018-4304
- CVE-2018-4338
- CVE-2018-4470
- CVE-2018-4289
- CVE-2018-4268
- CVE-2018-4285
- CVE-2018-4293
- CVE-2018-4269
- CVE-2018-4276
- CVE-2018-4178
- CVE-2018-4283
- CVE-2018-3665
- CVE-2018-4259
- CVE-2018-4286
- CVE-2018-4287
- CVE-2018-4288
- CVE-2018-4291
- CVE-2018-4280
- CVE-2018-4248
- CVE-2018-4277
- CVE-2018-6797
- CVE-2018-6913
- CVE-2017-0898
- CVE-2017-10784
- CVE-2017-14033
- CVE-2017-14064
- CVE-2017-17405
- CVE-2017-17742
- CVE-2018-6914
- CVE-2018-8777
- CVE-2018-8778
- CVE-2018-8779
- CVE-2018-8780
- CVE-2018-4274
- CVE-2018-4196
- CVE-2018-4253
- CVE-2018-4256
- CVE-2018-4255
- CVE-2018-4254
- CVE-2018-4258
- CVE-2018-4257
- CVE-2018-7584
- CVE-2018-4219
- CVE-2018-4171
- CVE-2018-4194
- CVE-2018-4180
- CVE-2018-4181
- CVE-2018-4182
- CVE-2018-4183
- CVE-2018-4478
- CVE-2018-4251
- CVE-2018-4211
- CVE-2018-4229
- CVE-2018-4159
- CVE-2018-4242
- CVE-2018-4202
- CVE-2018-4217
- CVE-2018-4141
- CVE-2018-4228
- CVE-2018-4236
- CVE-2018-4234
- CVE-2018-4249
- CVE-2018-8897
- CVE-2018-4241
- CVE-2018-4243
- CVE-2018-4237
- CVE-2018-4404
- CVE-2018-4227
- CVE-2018-4235
- CVE-2018-4240
- CVE-2018-4230
- CVE-2018-4221
- CVE-2018-4223
- CVE-2018-4224
- CVE-2018-4225
- CVE-2018-4226
- CVE-2018-4184
- CVE-2018-4198
- CVE-2018-4193
- CVE-2018-4305
- CVE-2018-4363
- CVE-2018-4313
- CVE-2018-4316
- CVE-2018-4345
- CVE-2018-4191
- CVE-2018-4299
- CVE-2018-4359
- CVE-2018-4323
- CVE-2018-4358
- CVE-2018-4328
- CVE-2018-4197
- CVE-2018-4318
- CVE-2018-4306
- CVE-2018-4312
- CVE-2018-4314
- CVE-2018-4315
- CVE-2018-4317
- CVE-2018-4309
- CVE-2018-4361
- CVE-2018-4474
- CVE-2018-4360
- CVE-2018-4322
- CVE-2018-4356
- CVE-2018-4335
- CVE-2018-4352
- CVE-2018-4329
- CVE-2018-4307
- CVE-2018-4362
- CVE-2018-4325
- CVE-2018-4311
- CVE-2018-4319
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-5383
- agent/author
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/android-source
- source/Android
- vendor/apple
- canonical/apple macos mojave
- canonical/apple macos high sierra
- canonical/apple sierra
- canonical/apple el capitan
- canonical/apple tvos
- canonical/apple ios
- vendor/google
- canonical/google android
- version/google android/6.0
- version/google android/6.0.1
- version/google android/7.0
- version/google android/7.1.1
- version/google android/7.1.2
- version/google android/8.0
- version/google android/8.1
- canonical/apple iphone os
- canonical/apple mac os x
- package-manager/debian