CVE-2022-0204

EUVD-2022-15406
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
bluezbluez
𝑥
< 5.63
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bluez
bookworm
5.66-1+deb12u2
fixed
bookworm (security)
5.66-1+deb12u1
fixed
bullseye
vulnerable
bullseye (security)
5.55-3.1+deb11u2
fixed
sid
5.77-1
fixed
stretch
no-dsa
trixie
5.77-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bluez
bionic
Fixed 5.48-0ubuntu3.8
released
focal
Fixed 5.53-0ubuntu3.5
released
impish
Fixed 5.60-0ubuntu2.2
released
jammy
Fixed 5.63-0ubuntu1
released
trusty
ignored
xenial
Fixed 5.37-0ubuntu5.3+esm2
released
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2039807
https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
https://security.gentoo.org/glsa/202209-16
https://bugzilla.redhat.com/show_bug.cgi?id=2039807
https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html
https://security.gentoo.org/glsa/202209-16