CVE-2022-0204
- Source
- https://cve.org/CVERecord?id=CVE-2022-0204
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0204.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-0204
- Downstream
- Related
- Published
- 2022-03-10T17:44:55.230Z
- Modified
- 2026-02-09T05:13:16.102545Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
- References
-
- https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2039807
- https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
- https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
- https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
- https://security.gentoo.org/glsa/202209-16
- https://bugzilla.redhat.com/show_bug.cgi?id=2039807
- https://bugzilla.redhat.com/show_bug.cgi?id=2039807
- https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
- https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
- https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
Affected packages
Git / github.com/bluez/bluez
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bluez/bluez
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
4.*
4.0
4.1
4.10
4.100
4.101
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.2
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.27
4.28
4.29
4.3
4.30
4.31
4.32
4.33
4.34
4.35
4.36
4.37
4.38
4.39
4.4
4.40
4.41
4.42
4.43
4.44
4.45
4.46
4.47
4.48
4.49
4.5
4.50
4.51
4.52
4.53
4.54
4.55
4.56
4.57
4.58
4.59
4.6
4.60
4.61
4.62
4.63
4.64
4.65
4.66
4.67
4.68
4.69
4.7
4.70
4.71
4.72
4.73
4.74
4.75
4.76
4.77
4.78
4.79
4.8
4.80
4.81
4.82
4.83
4.84
4.85
4.86
4.87
4.88
4.89
4.9
4.90
4.91
4.92
4.93
4.94
4.95
4.96
4.97
4.98
4.99
5.*
5.0
5.1
5.10
5.11
5.12
5.13
5.14
5.15
5.16
5.17
5.18
5.19
5.2
5.20
5.21
5.22
5.23
5.24
5.25
5.26
5.27
5.28
5.29
5.3
5.30
5.31
5.32
5.33
5.34
5.35
5.36
5.37
5.38
5.39
5.4
5.40
5.41
5.42
5.43
5.44
5.45
5.46
5.47
5.48
5.49
5.5
5.50
5.51
5.52
5.53
5.54
5.55
5.56
5.57
5.58
5.59
5.6
5.60
5.61
5.62
5.7
5.8
5.9
libs-2.*
libs-2.0
libs-2.0-pre10
libs-2.0-pre7
libs-2.0-pre8
libs-2.0-pre9
libs-2.1
libs-2.10
libs-2.11
libs-2.12
libs-2.13
libs-2.14
libs-2.15
libs-2.16
libs-2.17
libs-2.18
libs-2.19
libs-2.2
libs-2.20
libs-2.21
libs-2.22
libs-2.23
libs-2.24
libs-2.25
libs-2.3
libs-2.4
libs-2.5
libs-2.6
libs-2.7
libs-2.8
libs-2.9
libs-3.*
libs-3.0
libs-3.1
libs-3.10
libs-3.11
libs-3.12
libs-3.13
libs-3.14
libs-3.15
libs-3.16
libs-3.17
libs-3.18
libs-3.19
libs-3.2
libs-3.20
libs-3.21
libs-3.22
libs-3.23
libs-3.24
libs-3.25
libs-3.26
libs-3.27
libs-3.28
libs-3.29
libs-3.3
libs-3.30
libs-3.31
libs-3.32
libs-3.33
libs-3.34
libs-3.35
libs-3.36
libs-3.4
libs-3.5
libs-3.6
libs-3.7
libs-3.8
libs-3.9
utils-2.*
utils-2.0
utils-2.0-pre10
utils-2.0-pre11
utils-2.0-pre12
utils-2.0-pre7
utils-2.0-pre8
utils-2.0-pre9
utils-2.1
utils-2.10
utils-2.11
utils-2.12
utils-2.13
utils-2.14
utils-2.15
utils-2.16
utils-2.17
utils-2.18
utils-2.19
utils-2.2
utils-2.20
utils-2.21
utils-2.22
utils-2.23
utils-2.24
utils-2.25
utils-2.3
utils-2.4
utils-2.5
utils-2.6
utils-2.7
utils-2.8
utils-2.9
utils-3.*
utils-3.0
utils-3.1
utils-3.10
utils-3.10.1
utils-3.11
utils-3.12
utils-3.13
utils-3.14
utils-3.15
utils-3.16
utils-3.17
utils-3.18
utils-3.19
utils-3.2
utils-3.20
utils-3.21
utils-3.22
utils-3.23
utils-3.24
utils-3.25
utils-3.26
utils-3.27
utils-3.28
utils-3.29
utils-3.3
utils-3.30
utils-3.31
utils-3.32
utils-3.33
utils-3.34
utils-3.35
utils-3.36
utils-3.4
utils-3.5
utils-3.6
utils-3.6.1
utils-3.7
utils-3.8
utils-3.9
Database specific
vanir_signatures
[
{
"deprecated": false,
"source": "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0",
"id": "CVE-2022-0204-27df0139",
"target": {
"file": "src/shared/gatt-server.c"
},
"digest": {
"line_hashes": [
"245983701743678431712287570712867372852",
"204872452563842121916948163942014134051",
"74592790094705381018705849185625643364",
"97652621860010509070483822321576483347",
"100595917246871049992004168001243166733",
"304996773202596487567244761678739916092",
"287623655062436781374106337048619503982",
"130799082809774549235180667228244751232",
"17973078705912842330586538744745511373"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0",
"id": "CVE-2022-0204-afe5e0ab",
"target": {
"file": "src/shared/gatt-server.c",
"function": "prep_write_cb"
},
"digest": {
"function_hash": "16905689294561478361334181224246022371",
"length": 1120.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0",
"id": "CVE-2022-0204-f4573241",
"target": {
"file": "src/shared/gatt-server.c",
"function": "write_cb"
},
"digest": {
"function_hash": "185952619249472048974319101553271115226",
"length": 1034.0
},
"signature_type": "Function",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0204.json"