First published: Fri Sep 02 2022(Updated: )
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
BlueZ BlueZ | <5.59 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
Debian Debian Linux | =10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-39176 is a vulnerability in BlueZ before version 5.59 that allows physically proximate attackers to obtain sensitive information.
CVE-2022-39176 affects BlueZ versions before 5.59.
The severity of CVE-2022-39176 is high with a CVSS score of 8.8.
An attacker can exploit CVE-2022-39176 by being physically proximate to the target device and obtaining sensitive information.
To fix CVE-2022-39176, update BlueZ to version 5.59 or later.