{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-0204", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-02T23:18:42.545Z", "dateReserved": "2022-01-12T00:00:00", "datePublished": "2022-03-09T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-10-24T00:00:00"}, "descriptions": [{"lang": "en", "value": "A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service."}], "affected": [{"vendor": "n/a", "product": "bluez", "versions": [{"version": "bluez versions prior to 5.63", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039807"}, {"url": "https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q"}, {"url": "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0"}, {"name": "GLSA-202209-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202209-16"}, {"name": "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-119", "cweId": "CWE-119"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:42.545Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039807", "tags": ["x_transferred"]}, {"url": "https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q", "tags": ["x_transferred"]}, {"url": "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0", "tags": ["x_transferred"]}, {"name": "GLSA-202209-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202209-16"}, {"name": "[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", "matchCriteriaId": "92791467-35A3-4E92-AEDC-1E3751013EE8", "versionEndExcluding": "5.63", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de desbordamiento de pila en bluez en versiones anteriores a la 5.63. Un atacante con acceso a la red local podr\u00eda pasar archivos especialmente dise\u00f1ados causando a una aplicaci\u00f3n detenerse o bloquearse, conllevando a una denegaci\u00f3n de servicio"}], "id": "CVE-2022-0204", "lastModified": "2023-06-26T18:57:09.460", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-10T17:44:55.230", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039807"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202209-16"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "bluez: heap-based buffer overflow in the implementation of the gatt protocol", "id": "2039807", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039807"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.", "A heap overflow vulnerability was found in bluez. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service."], "name": "CVE-2022-0204", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "bluez", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "bluez", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bluez", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "bluez", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-11-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-0204\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0204\nhttps://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q"], "threat_severity": "Moderate", "upstream_fix": "bluez 5.63"}