Filtered by vendor Bluez
Subscribe
Total
30 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9804 | 1 Bluez | 1 Bluez | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | |||||
CVE-2016-9803 | 1 Bluez | 1 Bluez | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed. | |||||
CVE-2016-9802 | 1 Bluez | 1 Bluez | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | |||||
CVE-2016-9801 | 1 Bluez | 1 Bluez | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. | |||||
CVE-2016-9800 | 1 Bluez | 1 Bluez | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter. | |||||
CVE-2016-9799 | 1 Bluez | 1 Bluez | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | |||||
CVE-2016-9798 | 1 Bluez | 1 Bluez | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | |||||
CVE-2016-9797 | 1 Bluez | 1 Bluez | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | |||||
CVE-2016-7837 | 1 Bluez | 1 Bluez | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. | |||||
CVE-2008-2374 | 2 Bluez, Fedoraproject | 3 Bluez-libs, Bluez-utils, Fedora | 2024-11-21 | 7.5 HIGH | N/A |
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read. |