{"id":"PYSEC-2019-250","details":"GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.","modified":"2024-11-21T14:22:50.820785Z","published":"2019-01-21T06:29:00Z","withdrawn":"2024-11-22T04:37:04Z","references":[{"type":"REPORT","url":"https://github.com/labapart/gattlib/issues/82"},{"type":"EVIDENCE","url":"https://github.com/labapart/gattlib/issues/81"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/46215/"}],"affected":[{"package":{"name":"gattlib-py","ecosystem":"PyPI","purl":"pkg:pypi/gattlib-py"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.4.0","0.4.1","0.4.10","0.4.11","0.4.12","0.4.2","0.4.3","0.4.4","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.5.0","0.5.1","0.5.2","0.6.0","0.7.0","0.7.1","0.7.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/gattlib-py/PYSEC-2019-250.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}