← Retour aux CVEs
CVE-2024-45434
CRITICAL9.8
Description
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the existence of an object before performing operations on the object (aka use after free). An attacker can leverage this to achieve remote code execution in the context of a user account under which the Bluetooth process runs.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie9/12/2025
Derniere modification10/2/2025
Sourcenvd
Observations honeypot0
Produits affectes
opensynergy:blue_sdk
Faiblesses (CWE)
CWE-416
References
https://pcacybersecurity.com/resources/advisory/perfekt-blue(cve@mitre.org)
https://www.opensynergy.com/(cve@mitre.org)
https://pcacybersecurity.com/resources/advisory/perfekt-blue(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.