Marie Janssen

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 4.4.4 Android 5.0.x versions prior to 5.0.2 Android 5.1.x versions prior to 5.1.1 Android 6.x versions prior to 2016-05-01 **Description** The issue is caused by a buffer overflow in the btif/src/btif dm.c component of the Bluetooth functionality in Android. This allows remote attackers to execute arbitrary code via a long PIN value. **Recommendations** For Android versions prior to 4.4.4, update to version 4.4.4 or later. For Android 5.0.x versions prior to 5.0.2, update to version 5.0.2 or later. For Android 5.1.x versions prior to 5.1.1, update to version 5.1.1 or later. For Android 6.x versions prior to 2016-05-01, update to a version released after 2016-05-01. As a temporary workaround, consider restricting the use of Bluetooth functionality with long PIN values until a patch is available.