CVE-2022-39176

Name
CVE-2022-39176
Description
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://ubuntu.com/security/notices/USN-5481-1
MISC https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:* bluez >= None < 5.59

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
bluez 3.14-main 5.58-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bluez 3.13-main 5.55-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable