CVE-2022-0204

Name
CVE-2022-0204
Description
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2039807
MISC https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
MISC https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
Third Party Advisory https://security.gentoo.org/glsa/202209-16
Mailing List https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:* bluez >= None < 5.63

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
bluez edge-main 5.54-r0 None possibly vulnerable
bluez 3.22-main 5.54-r0 None possibly vulnerable
bluez 3.21-main 5.54-r0 None possibly vulnerable
bluez 3.20-main 5.54-r0 None possibly vulnerable
bluez 3.19-main 5.54-r0 None possibly vulnerable
bluez 3.12-main 5.54-r6 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable