CVE-2022-0204

high

Description

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.

References

Advisories
More

https://security.gentoo.org/glsa/202209-16

https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html

https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0

https://bugzilla.redhat.com/show_bug.cgi?id=2039807

https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q

Details

Source: Mitre, NVD

Published: 2022-03-10

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00049

Detections

Analytics