Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 835077 (CVE-2022-0204) - <net-wireless/bluez-5.63: heap buffer overflow
Summary: <net-wireless/bluez-5.63: heap buffer overflow
Alias: CVE-2022-0204
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [glsa?]
Depends on: 837584
  Show dependency tree
Reported: 2022-03-13 14:03 UTC by John Helmert III
Modified: 2022-04-19 13:26 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2022-03-13 14:03:24 UTC
CVE-2022-0204 (

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.

The GitHub advisory claims this can result in remote code execution,
but RedHat's closed the bug as NOTABUG without explanation, but gave
this a CVE anyway, but with a different impact than the advisory.
Comment 1 John Helmert III gentoo-dev Security 2022-03-30 02:40:53 UTC
This is the patch:

So, please cleanup.
Comment 2 John Helmert III gentoo-dev Security 2022-04-10 14:02:20 UTC
Sorry, right, we need stabilization here
Comment 3 John Helmert III gentoo-dev Security 2022-04-11 14:43:47 UTC
Now please cleanup :)
Comment 4 Larry the Git Cow gentoo-dev 2022-04-18 16:27:22 UTC
The bug has been referenced in the following commit(s):

commit ce2e1c7de43ea080fbf8e1dea2af821993d8d6d6
Author:     Pacho Ramos <>
AuthorDate: 2022-04-18 16:23:31 +0000
Commit:     Pacho Ramos <>
CommitDate: 2022-04-18 16:23:31 +0000

    net-wireless/bluez: drop 5.62-r2, 5.62-r3, 5.63-r1
    Signed-off-by: Pacho Ramos <>

 net-wireless/bluez/Manifest                        |   2 -
 net-wireless/bluez/bluez-5.62-r2.ebuild            | 285 -----------
 net-wireless/bluez/bluez-5.62-r3.ebuild            | 295 -----------
 net-wireless/bluez/bluez-5.63-r1.ebuild            | 295 -----------
 ...1-Revert-attrib-Make-use-of-bt_att_resend.patch | 188 -------
 ...hog-Fix-read-order-of-attributes-rediffed.patch | 542 ---------------------
 ...while-uhid-device-has-not-been-c-rediffed.patch |  90 ----
 .../bluez/files/bluez-5.62-fix-disconnecting.patch |  54 --
 8 files changed, 1751 deletions(-)