CVE-2022-39176
- Source
- https://cve.org/CVERecord?id=CVE-2022-39176
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39176.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-39176
- Downstream
- Related
- Published
- 2022-09-02T04:15:11.427Z
- Modified
- 2026-04-11T11:56:02.336682Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "extracted_events": [ { "last_affected": "18.04" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "extracted_events": [ { "last_affected": "20.04" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "10.0" } ] } ] }- References
Affected packages
Git / github.com/bluez/bluez
Affected versions
4.*
4.0
4.1
4.10
4.100
4.101
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.2
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.27
4.28
4.29
4.30
4.31
4.32
4.33
4.34
4.35
4.36
4.37
4.38
4.39
4.40
4.41
4.42
4.43
4.44
4.45
4.46
4.47
4.48
4.49
4.5
4.50
4.51
4.52
4.53
4.54
4.55
4.56
4.57
4.58
4.59
4.6
4.60
4.61
4.62
4.63
4.64
4.65
4.66
4.67
4.68
4.69
4.7
4.70
4.71
4.72
4.73
4.74
4.75
4.76
4.77
4.78
4.79
4.8
4.80
4.81
4.82
4.83
4.84
4.85
4.86
4.87
4.88
4.89
4.9
4.90
4.91
4.92
4.93
4.94
4.95
4.96
4.97
4.98
4.99
5.*
5.0
5.1
5.10
5.11
5.12
5.13
5.14
5.15
5.16
5.17
5.18
5.19
5.2
5.20
5.21
5.22
5.23
5.24
5.25
5.26
5.27
5.28
5.29
5.3
5.30
5.31
5.32
5.33
5.34
5.35
5.36
5.37
5.38
5.39
5.4
5.40
5.41
5.42
5.43
5.44
5.45
5.46
5.47
5.48
5.49
5.5
5.50
5.51
5.52
5.53
5.54
5.55
5.56
5.57
5.58
5.6
5.7
5.8
5.9