Vulnerabilities > Bluez > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-02 | CVE-2022-39176 | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | 8.8 |
| 2022-09-02 | CVE-2022-39177 | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | 8.8 |
| 2022-03-10 | CVE-2022-0204 | Integer Overflow or Wraparound vulnerability in multiple products A heap overflow vulnerability was found in bluez in versions prior to 5.63. | 8.8 |
| 2021-11-29 | CVE-2019-8922 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. | 8.8 |
| 2020-10-15 | CVE-2020-27153 | Double Free vulnerability in multiple products In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. | 7.5 |