Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 835077 (CVE-2022-0204) - <net-wireless/bluez-5.63: heap buffer overflow
Summary: <net-wireless/bluez-5.63: heap buffer overflow
Status: IN_PROGRESS
Alias: CVE-2022-0204
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://github.com/bluez/bluez/securi...
Whiteboard: B1 [glsa?]
Keywords:
Depends on: 837584
Blocks:
  Show dependency tree
 
Reported: 2022-03-13 14:03 UTC by John Helmert III
Modified: 2022-04-19 13:26 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2022-03-13 14:03:24 UTC
CVE-2022-0204 (https://bugzilla.redhat.com/show_bug.cgi?id=2039807):

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.

The GitHub advisory claims this can result in remote code execution,
but RedHat's closed the bug as NOTABUG without explanation, but gave
this a CVE anyway, but with a different impact than the advisory.
Comment 1 John Helmert III gentoo-dev Security 2022-03-30 02:40:53 UTC
This is the patch: https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0

So, please cleanup.
Comment 2 John Helmert III gentoo-dev Security 2022-04-10 14:02:20 UTC
Sorry, right, we need stabilization here
Comment 3 John Helmert III gentoo-dev Security 2022-04-11 14:43:47 UTC
Now please cleanup :)
Comment 4 Larry the Git Cow gentoo-dev 2022-04-18 16:27:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce2e1c7de43ea080fbf8e1dea2af821993d8d6d6

commit ce2e1c7de43ea080fbf8e1dea2af821993d8d6d6
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2022-04-18 16:23:31 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2022-04-18 16:23:31 +0000

    net-wireless/bluez: drop 5.62-r2, 5.62-r3, 5.63-r1
    
    Bug: https://bugs.gentoo.org/835077
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 net-wireless/bluez/Manifest                        |   2 -
 net-wireless/bluez/bluez-5.62-r2.ebuild            | 285 -----------
 net-wireless/bluez/bluez-5.62-r3.ebuild            | 295 -----------
 net-wireless/bluez/bluez-5.63-r1.ebuild            | 295 -----------
 ...1-Revert-attrib-Make-use-of-bt_att_resend.patch | 188 -------
 ...hog-Fix-read-order-of-attributes-rediffed.patch | 542 ---------------------
 ...while-uhid-device-has-not-been-c-rediffed.patch |  90 ----
 .../bluez/files/bluez-5.62-fix-disconnecting.patch |  54 --
 8 files changed, 1751 deletions(-)