Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2022-39176

Published: 02/09/2022 Updated: 07/11/2022
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Bluez

Vulnerability Summary

BlueZ prior to 5.59 allows physically proximate malicious users to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

bluez bluez

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

debian debian linux 10.0

Vendor Advisories

Amazon Linux 2: ALAS2-2022-1881
A vulnerability was found in BlueZ This flaw allows physically proximate attackers to obtain sensitive information because the profiles/audio/avrcpc does not validate params_len (CVE-2022-39176) ...
Red Hat:
BlueZ before 559 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcpc does not validate params_len ...

References

NVD-CWE-noinfohttps://ubuntu.com/security/notices/USN-5481-1https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968https://security.netapp.com/advisory/ntap-20221020-0002/https://lists.debian.org/debian-lts-announce/2022/10/msg00026.htmlhttps://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2022-1881.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook