CVE-2022-0204

Name
CVE-2022-0204
Description
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
NVD Severity
high

References

Type                  URI
MISC                  https://bugzilla.redhat.com/show_bug.cgi?id=2039807
MISC                  https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
MISC                  https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
Third Party Advisory  https://security.gentoo.org/glsa/202209-16
Mailing List          https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html

Match rules

CPE URI                                Source package  Min version  Max version
cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*  bluez           >= None      < 5.63

Vulnerable and fixed packages

Source package  Branch     Version  Maintainer                             Status
bluez           3.14-main  5.58-r2  Natanael Copa <ncopa@alpinelinux.org>  possibly vulnerable
bluez           3.13-main  5.55-r1  Natanael Copa <ncopa@alpinelinux.org>  possibly vulnerable
bluez           3.12-main  5.54-r6  Natanael Copa <ncopa@alpinelinux.org>  possibly vulnerable