{"id":"CVE-2023-24023","details":"Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.","aliases":["A-255601934","ASB-A-255601934"],"modified":"2026-03-14T12:02:32.091351Z","published":"2023-11-28T07:15:41.340Z","related":["ALSA-2024:2394","SUSE-SU-2024:2360-1","SUSE-SU-2024:2362-1","SUSE-SU-2024:2365-1","SUSE-SU-2024:2372-1","SUSE-SU-2024:2381-1","SUSE-SU-2024:2384-1","SUSE-SU-2024:2385-1","SUSE-SU-2024:2394-1","SUSE-SU-2024:2495-1","SUSE-SU-2024:2561-1","SUSE-SU-2024:2939-1"],"references":[{"type":"ADVISORY","url":"https://dl.acm.org/doi/10.1145/3576915.3623066"},{"type":"ADVISORY","url":"https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24023.json","unresolved_ranges":[{"events":[{"introduced":"4.2"},{"last_affected":"5.4"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.17763.5122"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.19043.3693"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.19045.3693"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.22000.2600"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.22621.2715"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.22631.2715"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.17763.5122"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.20348.2113"}]},{"events":[{"introduced":"0"},{"fixed":"10.0.25398.531"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}