CVE-2022-3563 – Linux Kernel BlueZ mgmt-tester.c read_50_controller_cap_complete null pointer dereference
https://notcve.org/view.php?id=CVE-2022-3563
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.
• https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e
• https://vuldb.com/?id.211086
• CWE-404: Improper Resource Shutdown or Release
CVE-2022-39176
https://notcve.org/view.php?id=CVE-2022-39176
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
• https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
• https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
• https://security.netapp.com/advisory/ntap-20221020-0002
• https://ubuntu.com/security/notices/USN-5481-1
CVE-2022-39177
https://notcve.org/view.php?id=CVE-2022-39177
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
• https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
• https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
• https://security.netapp.com/advisory/ntap-20221020-0002
• https://ubuntu.com/security/notices/USN-5481-1
CVE-2022-0204
https://notcve.org/view.php?id=CVE-2022-0204
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
• https://bugzilla.redhat.com/show_bug.cgi?id=2039807
• https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
• https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
• https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
• https://security.gentoo.org/glsa/202209-16
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-190: Integer Overflow or Wraparound
CVE-2019-8922
https://notcve.org/view.php?id=CVE-2019-8922
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer.
• https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
• https://security.netapp.com/advisory/ntap-20211203-0002
• https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow
• CWE-787: Out-of-bounds Write