Description
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files, causing an application to halt or crash and leading to a denial of service.
References (6)
Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202209-16
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2039807
Patch, Third Party Advisory
https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0
Exploit, Third Party Advisory
https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
Scores
CVSS v3
8.8
EPSS
0.0005
EPSS Percentile
15.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
CWE-190
Status
published
Products (4)
None/bluez
bluez versions prior to 5.63
bluez/bluez
< 5.63
debian/debian_linux
10.0
fedoraproject/fedora
35
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026