CNNVD-202506-2833 Information

CNNVD ID

CNNVD-202506-2833

Related CVE

CVE-2025-5478

• CNNVD Published: 2025-06-21

Description (Chinese)

Sony XAV-AX8500是日本索尼（Sony）公司的一个数码多媒体接收器。 Sony XAV-AX8500存在输入验证错误漏洞，该漏洞源于蓝牙SDP协议实现不当导致整数溢出，可能导致远程代码执行。

Description (English)

Sony XAV-AX8500 is a digital multimedia receiver for Sony, Japan. Sony XAV-AX8500 has an input validation error loophole, which stems from the fact that the Bluetooth SDP agreement was not properly implemented and resulted in an integer spill, which could lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

输入验证错误

Affected Vendor

索尼

Published

2025-06-21

Last Modified

2026-02-24

References

https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092 https://www.zerodayinitiative.com/advisories/ZDI-25-355/

Patch

https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/downloads