
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936. • https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f https://vuldb.com/?id.211936 • CWE-404: Improper Resource Shutdown or Release

CVSS: 5.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability. • https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e https://vuldb.com/?id.211086 • CWE-404: Improper Resource Shutdown or Release

CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. • https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html https://security.netapp.com/advisory/ntap-20221020-0002 https://ubuntu.com/security/notices/USN-5481-1

CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. • https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html https://security.netapp.com/advisory/ntap-20221020-0002 https://ubuntu.com/security/notices/USN-5481-1

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=2039807 https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0 https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html https://security.gentoo.org/glsa/202209-16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-190: Integer Overflow or Wraparound