PT-2016-7832 · Bluez+3 · Bluez+3
Op7Ic
·
Published
2016-10-30
·
Updated
2026-05-05
·
CVE-2016-9804
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
BlueZ version 5.42
Description
A buffer overflow issue was observed in the
commands dump function in the tools/parser/csr.c source file. This issue occurs due to the lack of boundary checks on the size of the buffer from the frm->ptr parameter, causing the commands array to overflow when a corrupted dump file is processed. As a result, this issue can lead to a crash of the hcidump.Recommendations
For BlueZ version 5.42, as a temporary workaround, consider disabling the
commands dump function in the tools/parser/csr.c source file until a patch is available. Restrict access to corrupted dump files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Bluez
Debian
Suse