CVE-2006-3146

Published: Jun 22, 2006Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23.

Affected (14)

Products: Toshiba: Bluetooth Stack

1 product

Bluetooth Stack

Configuration A

14 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Toshiba Bluetooth Stack	Up to 4.00.29
Toshiba Bluetooth Stack	Version 3.00.11
Toshiba Bluetooth Stack	Version 3.00.12
Toshiba Bluetooth Stack	Version 3.00.31a
Toshiba Bluetooth Stack	Version 3.00.32
Toshiba Bluetooth Stack	Version 3.01.03
Toshiba Bluetooth Stack	Version 3.10.00
Toshiba Bluetooth Stack	Version 3.20.00
Toshiba Bluetooth Stack	Version 3.20.01
Toshiba Bluetooth Stack	Version 3.20.02
Toshiba Bluetooth Stack	Version 3.20.04
Toshiba Bluetooth Stack	Version 4.00.01t
Toshiba Bluetooth Stack	Version 4.00.11
Toshiba Bluetooth Stack	Version 4.00.23

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (24)

http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2

Source: cve@mitre.org

http://attrition.org/pipermail/vim/2006-October/001085.html

Source: cve@mitre.org

http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html

Source: cve@mitre.org

http://secunia.com/advisories/20657

Source: cve@mitre.org

PatchVendor Advisory

http://securitytracker.com/id?1016345

Source: cve@mitre.org

http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html

Source: cve@mitre.org

http://trifinite.org/trifinite_advisory_toshiba.html

Source: cve@mitre.org

Vendor Advisory

http://www.osvdb.org/26686

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/437811/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/18527

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2006/2455

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/27228

Source: cve@mitre.org

http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2

Source: af854a3a-2127-422b-91ae-364da2661108

http://attrition.org/pipermail/vim/2006-October/001085.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/20657

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securitytracker.com/id?1016345

Source: af854a3a-2127-422b-91ae-364da2661108

http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://trifinite.org/trifinite_advisory_toshiba.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.osvdb.org/26686

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/437811/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/18527

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2006/2455

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/27228

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.