CVE-2022-0204
- Source
- https://cve.org/CVERecord?id=CVE-2022-0204
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0204.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-0204
- Downstream
- Related
- Published
- 2022-03-10T17:44:55.230Z
- Modified
- 2026-04-11T23:37:32.273179Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
- References
-
- https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html
- https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
- https://security.gentoo.org/glsa/202209-16
- https://bugzilla.redhat.com/show_bug.cgi?id=2039807
- https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
- https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
Affected packages
Git / github.com/bluez/bluez
Affected versions
4.*
4.0
4.1
4.10
4.100
4.101
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.2
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.27
4.28
4.29
4.30
4.31
4.32
4.33
4.34
4.35
4.36
4.37
4.38
4.39
4.40
4.41
4.42
4.43
4.44
4.45
4.46
4.47
4.48
4.49
4.5
4.50
4.51
4.52
4.53
4.54
4.55
4.56
4.57
4.58
4.59
4.6
4.60
4.61
4.62
4.63
4.64
4.65
4.66
4.67
4.68
4.69
4.7
4.70
4.71
4.72
4.73
4.74
4.75
4.76
4.77
4.78
4.79
4.8
4.80
4.81
4.82
4.83
4.84
4.85
4.86
4.87
4.88
4.89
4.9
4.90
4.91
4.92
4.93
4.94
4.95
4.96
4.97
4.98
4.99
5.*
5.0
5.1
5.10
5.11
5.12
5.13
5.14
5.15
5.16
5.17
5.18
5.19
5.2
5.20
5.21
5.22
5.23
5.24
5.25
5.26
5.27
5.28
5.29
5.3
5.30
5.31
5.32
5.33
5.34
5.35
5.36
5.37
5.38
5.39
5.4
5.40
5.41
5.42
5.43
5.44
5.45
5.46
5.47
5.48
5.49
5.5
5.50
5.51
5.52
5.53
5.54
5.55
5.56
5.57
5.58
5.59
5.6
5.60
5.61
5.62
5.7
5.8
5.9
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "35"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
}
]
vanir_signatures_modified
"2026-04-11T23:37:32Z"
vanir_signatures
[
{
"deprecated": false,
"target": {
"file": "src/shared/gatt-server.c"
},
"id": "CVE-2022-0204-27df0139",
"signature_type": "Line",
"source": "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0",
"signature_version": "v1",
"digest": {
"line_hashes": [
"245983701743678431712287570712867372852",
"204872452563842121916948163942014134051",
"74592790094705381018705849185625643364",
"97652621860010509070483822321576483347",
"100595917246871049992004168001243166733",
"304996773202596487567244761678739916092",
"287623655062436781374106337048619503982",
"130799082809774549235180667228244751232",
"17973078705912842330586538744745511373"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "src/shared/gatt-server.c",
"function": "prep_write_cb"
},
"id": "CVE-2022-0204-afe5e0ab",
"signature_type": "Function",
"source": "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0",
"signature_version": "v1",
"digest": {
"function_hash": "16905689294561478361334181224246022371",
"length": 1120.0
}
},
{
"deprecated": false,
"target": {
"file": "src/shared/gatt-server.c",
"function": "write_cb"
},
"id": "CVE-2022-0204-f4573241",
"signature_type": "Function",
"source": "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0",
"signature_version": "v1",
"digest": {
"function_hash": "185952619249472048974319101553271115226",
"length": 1034.0
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0204.json"