Vulnerability Details : CVE-2022-0204
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
Vulnerability category: Overflow, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2022-0204
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23 %
CVSS scores for CVE-2022-0204
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.8 | MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:P | 6.5 | 6.4 | NIST |
8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST |
CWE ids for CVE-2022-0204
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: secalert@redhat.com (Secondary)
- The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. Assigned by: nvd@nist.gov (Primary)
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Secondary)
References for CVE-2022-0204
- https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
  shared/gatt-server: Fix heap overflow when appending prepare writes · bluez/bluez@591c546 · GitHub (Patch; Third Party Advisory)
- https://security.gentoo.org/glsa/202209-16
  BlueZ: Multiple Vulnerabilities (GLSA 202209-16) — Gentoo security (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
  [SECURITY] [DLA 3157-1] bluez security update (Mailing List; Third Party Advisory)
- https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
  Heap overflow vulnerability in the implementation of the gatt protocol · Advisory · bluez/bluez · GitHub (Exploit; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2039807
  2039807 – (CVE-2022-0204) CVE-2022-0204 bluez: heap-based buffer overflow in the implementation of the gatt protocol (Issue Tracking; Patch; Third Party Advisory)
Products affected by CVE-2022-0204
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*