CVE-2022-0204

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
bluezbluez
𝑥
< 5.63
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bluez
bullseye
vulnerable
stretch
no-dsa
bullseye (security)
5.55-3.1+deb11u2
fixed
bookworm
5.66-1+deb12u2
fixed
bookworm (security)
5.66-1+deb12u1
fixed
sid
5.77-1
fixed
trixie
5.77-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bluez
jammy
Fixed 5.63-0ubuntu1
released
impish
Fixed 5.60-0ubuntu2.2
released
focal
Fixed 5.53-0ubuntu3.5
released
bionic
Fixed 5.48-0ubuntu3.8
released
xenial
Fixed 5.37-0ubuntu5.3+esm2
released
trusty
ignored
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2039807
https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
https://security.gentoo.org/glsa/202209-16
https://bugzilla.redhat.com/show_bug.cgi?id=2039807
https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
https://security.gentoo.org/glsa/202209-16