CVE-2022-0204
10.03.2022, 17:44
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| bluez | bluez | 𝑥 < 5.63 |
| debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| bluez |
| ||||||||||||||||||||||||||||||||||||||||
| bluez-deprecated |
| ||||||||||||||||||||||||||||||||||||||||
| bluez-devel |
| ||||||||||||||||||||||||||||||||||||||||
| bluez-zsh-completion |
| ||||||||||||||||||||||||||||||||||||||||
| libbluetooth3 |
|
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-190 - Integer Overflow or WraparoundThe software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
References