CVE-2022-0204

high

Description

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.

References

https://security.gentoo.org/glsa/202209-16

https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html

https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q

https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0

https://bugzilla.redhat.com/show_bug.cgi?id=2039807

Details

Source: Mitre, NVD

Published: 2022-03-10

Updated: 2023-06-26

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High