CVE-2022-0204

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions bluez versions prior to 5.63

Description A heap overflow vulnerability was found in the implementation of the GATT protocol stack for Linux BlueZ. This issue is related to a buffer overflow. An attacker with local network access could pass specially crafted files, causing an application to halt or crash, leading to a denial of service. The exploitation of this vulnerability may also allow a remote attacker to execute arbitrary code by sending specially crafted files.

Recommendations For versions prior to 5.63, update to version 5.63 or later to resolve the issue. As a temporary workaround, consider restricting access to the Bluetooth functionality to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Integer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-190CWE-787

Related Identifiers

ALT-PU-2022-1582

ALT-PU-2022-2020

BDU:2022-05666

CVE-2022-0204

DLA-3157-1

DLA-3879-1

GHSA-479M-XCQ5-9G2Q

MGASA-2022-0058

OESA-2022-1595

OPENSUSE-SU-2022_2883-1

OPENSUSE-SU-2022_3247-1

OPENSUSE-SU-2024:12394-1

SUSE-SU-2022:2837-1

SUSE-SU-2022:2883-1

SUSE-SU-2022:2948-1

SUSE-SU-2022:3247-1

SUSE-SU-2022_2837-1

SUSE-SU-2022_2883-1

SUSE-SU-2022_3247-1

USN-5275-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Suse

Ubuntu

Bluez

CVE-2022-0204

Weakness Enumeration

Related Identifiers

Affected Products

References · 43