CVE-2022-39177

Name
CVE-2022-39177
Description
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://ubuntu.com/security/notices/USN-5481-1
MISC https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
Third Party Advisory https://security.netapp.com/advisory/ntap-20221020-0002/
Mailing List https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:* bluez >= None < 5.59

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
bluez 3.14-main 5.58-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bluez 3.13-main 5.55-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable