CVE-2016-9804

Name of the Vulnerable Software and Affected Versions BlueZ version 5.42

Description A buffer overflow issue was observed in the commands dump function in the tools/parser/csr.c source file. This issue occurs due to the lack of boundary checks on the size of the buffer from the frm->ptr parameter, causing the commands array to overflow when a corrupted dump file is processed. As a result, this issue can lead to a crash of the hcidump.

Recommendations For BlueZ version 5.42, as a temporary workaround, consider disabling the commands dump function in the tools/parser/csr.c source file until a patch is available. Restrict access to corrupted dump files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.