CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3637 – Linux Kernel BlueZ jlink.c jlink_init denial of service
https://notcve.org/view.php?id=CVE-2022-3637
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936. • https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f https://vuldb.com/?id.211936 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3563 – Linux Kernel BlueZ mgmt-tester.c read_50_controller_cap_complete null pointer dereference
https://notcve.org/view.php?id=CVE-2022-3563
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability. • https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e https://vuldb.com/?id.211086 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0204
https://notcve.org/view.php?id=CVE-2022-0204
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. Se encontró una vulnerabilidad de desbordamiento de pila en bluez en versiones anteriores a la 5.63. Un atacante con acceso a la red local podría pasar archivos especialmente diseñados causando a una aplicación detenerse o bloquearse, conllevando a una denegación de servicio • https://bugzilla.redhat.com/show_bug.cgi?id=2039807 https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0 https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html https://security.gentoo.org/glsa/202209-16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43400
https://notcve.org/view.php?id=CVE-2021-43400
An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. Se ha detectado un problema en el archivo gatt-database.c en BlueZ versión 5.61. Puede producirse un uso de memoria previamente liberada cuando un cliente se desconecta durante el procesamiento de D-Bus de una llamada WriteValue • https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8 https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html • CWE-416: Use After Free •