CVE-2022-0204 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Bluez

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 84.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bluez Debian Bluez Debian Linux +1 more

Timeline

PublishedMar 10

Latest updateApr 16

Description

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDbluez/bluez< 5.63

▶debiandebian/bluez< bluez 5.64-1 (bookworm)

▶Debianbluez/bluez< 5.55-3.1+deb11u2+3

▶Ubuntubluez/bluez< 5.48-0ubuntu3.8+2

▶CVEListV5bluez/bluezbluez versions prior to 5.63

Also affects: Debian Linux 10.0, Fedora 35

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

VulDB

BlueZ up to 5.62 Files heap-based overflow (GHSA-479m-xcq5-9g2q / EUVD-2022-15406)↗2026-04-16

▶

GHSA

GHSA-g2fr-rq52-c2h3: A heap overflow vulnerability was found in bluez in versions prior to 5↗2022-03-11

▶

OSV

CVE-2022-0204: A heap overflow vulnerability was found in bluez in versions prior to 5↗2022-03-10

▶

OSV

bluez vulnerability↗2022-02-08

▶

📋Vendor Advisories

Ubuntu

BlueZ vulnerability↗2022-02-08

▶

Debian

CVE-2022-0204: bluez - A heap overflow vulnerability was found in bluez in versions prior to 5.63. An a...↗2022

▶

Red Hat

bluez: heap-based buffer overflow in the implementation of the gatt protocol↗2021-11-12

▶