AI description
CVE-2023-40129 is a vulnerability in the `build_read_multi_rsp` function in `gatt_sr.cc`. It is a possible out-of-bounds write caused by a heap buffer overflow. It could allow remote code execution from close proximity (adjacent), with no additional execution privileges and no user interaction.
- Description: In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- Source: security@android.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- nvd@nist.gov: CWE-787
- Hype score: Not currently trending
Analysis and exploitation of an integer underflow in the Bluetooth GATT protocol (CVE-2023-40129) https://t.co/NfIMAlnxN6 Credits Mehdi Talbi and Etienne Helluy-Lafont (@Synacktiv) #infosec #Android https://t.co/XyYPQjCJbb
@0xor0ne
3 Dec 2025
4024 Impressions
10 Retweets
82 Likes
48 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-25469 2 - CVE-2023-20198 3 - CVE-2023-40129 4 - CVE-2022-1388 5 - CVE-2022-26923 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Nov 2025
113 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#exploit #WLAN_Security Paint it blue: Attacking the bluetooth stack https://t.co/w6wQRaXDSp // CVE-2023-40129 - critical vulnerability in the Bluetooth stack, which requires neither user interaction nor prior authentication. We managed to successfully exploit it to achieve
@ksg93rd
31 Oct 2025
204 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
🛡️ Bluetooth Heap Overflow Enables Android RCE TL;DR • Researchers detail zero-interaction exploit for CVE-2023-40129 in Android's Fluoride stack. • Allows remote code execution over Bluetooth, accessing sensitive data like mic and contacts. • Highlights risks in
@mobilengineer
27 Oct 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Following their presentation at @hexacon_fr, Mehdi & Etienne detail how they exploited CVE-2023-40129, a critical vulnerability affecting the Bluetooth stack in Android ⬇️ https://t.co/OS63LQ4tJE
@Synacktiv
27 Oct 2025
8504 Impressions
47 Retweets
118 Likes
61 Bookmarks
0 Replies
0 Quotes
🤔 (CVE-2023-40129)[273874525][Bluetooth]In build_read_multi_rsp of gatt_sr.cc: p_buf->len is mtu - 1 and p_cmd->multi_req.variable_len evaluates to true -> integer underflow -> ... -> RCE((proximal/adjacent), 0-click???) https://t.co/b84MvcLbHV https://t.co/kzHx8n
@xvonfers
23 Jan 2025
522 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
          },
          {
            "criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"
          },
          {
            "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]