Vulnerabilities (CVE)

Filtered by vendor Bluez Subscribe
Total 30 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9804 1 Bluez 1 Bluez 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
CVE-2016-9803 1 Bluez 1 Bluez 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.
CVE-2016-9802 1 Bluez 1 Bluez 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
CVE-2016-9801 1 Bluez 1 Bluez 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.
CVE-2016-9800 1 Bluez 1 Bluez 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter.
CVE-2016-9799 1 Bluez 1 Bluez 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
CVE-2016-9798 1 Bluez 1 Bluez 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
CVE-2016-9797 1 Bluez 1 Bluez 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
CVE-2016-7837 1 Bluez 1 Bluez 2024-11-21 4.6 MEDIUM 7.8 HIGH
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
CVE-2008-2374 2 Bluez, Fedoraproject 3 Bluez-libs, Bluez-utils, Fedora 2024-11-21 7.5 HIGH N/A
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.