CVE-2022-0204
Published: 24 January 2022
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
bluez Launchpad, Ubuntu, Debian |
bionic |
Released
(5.48-0ubuntu3.8)
|
| focal |
Released
(5.53-0ubuntu3.5)
|
|
| impish |
Released
(5.60-0ubuntu2.2)
|
|
| jammy |
Released
(5.63-0ubuntu1)
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Released
(5.63)
|
|
| xenial |
Released
(5.37-0ubuntu5.3+esm2)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
Patches: upstream: https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack vector | Adjacent |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
- https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
- https://bugzilla.redhat.com/show_bug.cgi?id=2039807
- https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
- https://ubuntu.com/security/notices/USN-5275-1
- https://www.cve.org/CVERecord?id=CVE-2022-0204
- NVD
- Launchpad
- Debian