CVE-2022-0204 Information

Description

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash leading to a denial of service.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2039807 https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8