BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
References
Link | Resource |
---|---|
https://ubuntu.com/security/notices/USN-5481-1 | Issue Tracking Third Party Advisory |
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 | Issue Tracking Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20221020-0002/ | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html | Mailing List Third Party Advisory |
Information
Published : 2022-09-01 21:15
Updated : 2022-11-07 06:37
NVD link : CVE-2022-39176
Mitre link : CVE-2022-39176
JSON object : View
CWE
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
bluez
- bluez