{"api_version":"1","generated_at":"2026-04-23T04:11:12+00:00","cve":"CVE-2022-0204","urls":{"html":"https://cve.report/CVE-2022-0204","api":"https://cve.report/api/cve/CVE-2022-0204.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-0204","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-0204"},"summary":{"title":"CVE-2022-0204","description":"A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.","state":"PUBLISHED","assigner":"redhat","published_at":"2022-03-10 17:44:55","updated_at":"2026-04-15 21:17:03"},"problem_types":["CWE-119","CWE-190","CWE-119 CWE-119"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5.8","severity":"","vector":"AV:A/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:P/A:P","baseScore":5.8,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0","name":"https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"shared/gatt-server: Fix heap overflow when appending prepare writes · bluez/bluez@591c546 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html","name":"https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 3157-1] bluez security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html","name":"https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.gentoo.org/glsa/202209-16","name":"https://security.gentoo.org/glsa/202209-16","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"BlueZ: Multiple Vulnerabilities (GLSA 202209-16) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q","name":"https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"],"title":"Heap overflow vulnerability in the implementation of the gatt protocol · Advisory · bluez/bluez · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039807","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2039807","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"2039807 – (CVE-2022-0204) CVE-2022-0204 bluez: heap-based buffer overflow in the implementation of the gatt protocol","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-0204","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0204","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"bluez","version":"affected bluez versions prior to 5.63","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"204","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bluez","cpe5":"bluez","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"204","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"204","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2022","cve_id":"204","cve":"CVE-2022-0204","epss":"0.000500000","percentile":"0.152360000","score_date":"2026-04-15","updated_at":"2026-04-16 00:13:55"},"legacy_qids":[{"cve":"CVE-2022-0204","qid":"181160","title":"Debian Security Update for bluez (DLA 3157-1)"},{"cve":"CVE-2022-0204","qid":"183630","title":"Debian Security Update for bluez (CVE-2022-0204)"},{"cve":"CVE-2022-0204","qid":"198657","title":"Ubuntu Security Notification for BlueZ Vulnerability (USN-5275-1)"},{"cve":"CVE-2022-0204","qid":"355441","title":"Amazon Linux Security Advisory for bluez : ALAS2023-2023-212"},{"cve":"CVE-2022-0204","qid":"355701","title":"Amazon Linux Security Advisory for bluez : ALAS2-2023-2167"},{"cve":"CVE-2022-0204","qid":"671575","title":"EulerOS Security Update for bluez (EulerOS-SA-2022-1557)"},{"cve":"CVE-2022-0204","qid":"671653","title":"EulerOS Security Update for bluez (EulerOS-SA-2022-1707)"},{"cve":"CVE-2022-0204","qid":"671733","title":"EulerOS Security Update for bluez (EulerOS-SA-2022-1784)"},{"cve":"CVE-2022-0204","qid":"671735","title":"EulerOS Security Update for bluez (EulerOS-SA-2022-1801)"},{"cve":"CVE-2022-0204","qid":"671791","title":"EulerOS Security Update for bluez (EulerOS-SA-2022-1858)"},{"cve":"CVE-2022-0204","qid":"671795","title":"EulerOS Security Update for bluez (EulerOS-SA-2022-1834)"},{"cve":"CVE-2022-0204","qid":"671848","title":"EulerOS Security Update for bluez (EulerOS-SA-2022-1882)"},{"cve":"CVE-2022-0204","qid":"710631","title":"Gentoo Linux BlueZ Multiple Vulnerabilities (GLSA 202209-16)"},{"cve":"CVE-2022-0204","qid":"752482","title":"SUSE Enterprise Linux Security Update for bluez (SUSE-SU-2022:2837-1)"},{"cve":"CVE-2022-0204","qid":"752503","title":"SUSE Enterprise Linux Security Update for bluez (SUSE-SU-2022:2883-1)"},{"cve":"CVE-2022-0204","qid":"752524","title":"SUSE Enterprise Linux Security Update for bluez (SUSE-SU-2022:2948-1)"},{"cve":"CVE-2022-0204","qid":"752578","title":"SUSE Enterprise Linux Security Update for bluez (SUSE-SU-2022:3247-1)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-04T16:09:28.899Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039807"},{"tags":["x_transferred"],"url":"https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q"},{"tags":["x_transferred"],"url":"https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0"},{"name":"GLSA-202209-16","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202209-16"},{"name":"[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html"},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2022-0204","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-15T21:09:36.081426Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-15T21:09:47.949Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"bluez","vendor":"n/a","versions":[{"status":"affected","version":"bluez versions prior to 5.63"}]}],"descriptions":[{"lang":"en","value":"A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-119","description":"CWE-119","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-10-24T00:00:00.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039807"},{"url":"https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q"},{"url":"https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0"},{"name":"GLSA-202209-16","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202209-16"},{"name":"[debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2022-0204","datePublished":"2022-03-09T00:00:00.000Z","dateReserved":"2022-01-12T00:00:00.000Z","dateUpdated":"2026-04-15T21:09:47.949Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2022-03-10 17:44:55","lastModifiedDate":"2026-04-15 21:17:03","problem_types":["CWE-119","CWE-190","CWE-119 CWE-119"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:P/A:P","baseScore":5.8,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.5,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63","matchCriteriaId":"92791467-35A3-4E92-AEDC-1E3751013EE8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"204","Ordinal":"1","Title":"CVE-2022-0204","CVE":"CVE-2022-0204","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"204","Ordinal":"1","NoteData":"A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.","Type":"Description","Title":"CVE-2022-0204"}]}}}