CVEs-PoC/2018/CVE-2018-5383.md

### [CVE-2018-5383](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5383)
![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=iOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=10.13%20High%20Sierra10.13.6%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=1111.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-325&color=brighgreen)

### Description

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

### POC

#### Reference
- https://usn.ubuntu.com/4118-1/
- https://www.kb.cert.org/vuls/id/304725

#### Github
- https://github.com/AlexandrBing/broadcom-bt-firmware
- https://github.com/JeffroMF/awesome-bluetooth-security321
- https://github.com/engn33r/awesome-bluetooth-security
- https://github.com/sgxgsx/BlueToolkit
- https://github.com/winterheart/broadcom-bt-firmware