
CVE-2022-0204

Published: 10/03/2022 Updated: 26/06/2023
CVSS v2 Base Score: 5.8 | Impact Score: 6.4 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A heap overflow vulnerability was found in bluez in versions before 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.

Vulnerable Product

bluez bluez

fedoraproject fedora 35

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #1003712 bluez: CVE-2022-0204: Heap overflow vulnerability in the implementation of the gatt protocol Package: src:bluez; Maintainer for src:bluez is Debian Bluetooth Maintainers <team+pkg-bluetooth@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 14 Jan 20 ...
BlueZ could be made to crash or run programs if it received specially crafted network traffic ...
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service (CVE-2022-0204) ...