CVE-2022-39177

6 documents6 sources
Severity
8.8HIGH
EPSS
0.1%
top 80.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Bluez BluezCanonical Ubuntu LinuxDebian Debian Linux
Timeline
PublishedSep 2
Latest updateSep 3

Description

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDbluez/bluez< 5.59
Debianbluez< 5.55-3.1+deb11u2+3

Also affects: Debian Linux 10.0, Ubuntu Linux 18.04, 20.04

Patches

Patch: bugs.launchpad.netPatch: bugs.launchpad.net

🔴Vulnerability Details

3
GHSA
GHSA-9pxq-3hvv-rrf5: BlueZ before 52022-09-03
OSV
CVE-2022-39177: BlueZ before 52022-09-02
CVEList
CVE-2022-39177: BlueZ before 52022-09-02

📋Vendor Advisories

2
Red Hat
bluez: BlueZ allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c2022-09-02
Debian
CVE-2022-39177: bluez - BlueZ before 5.59 allows physically proximate attackers to cause a denial of ser...2022
CVE-2022-39177 (HIGH CVSS 8.8) | BlueZ before 5.59 allows physically | cvebase.io