Description

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.

Related CPE's

a

bluez

bluez

Vulnerable

o

fedoraproject

fedora

35

Vulnerable

o

debian

debian_linux

10.0

Vulnerable

References

https://bugzilla.redhat.com/show_bug.cgi?id=2039807

Issue TrackingPatchThird Party Advisory

https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0

PatchThird Party Advisory

https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202209-16

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2039807

Issue TrackingPatchThird Party Advisory

https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0

PatchThird Party Advisory

https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html

https://security.gentoo.org/glsa/202209-16

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-119

[email protected]

Primary
CWE-190

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-03-10T16:44:55.230Z

4 years ago

Last modified

2025-11-04T15:15:46.130Z

4 months ago