Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2016-9800

Published: 3 December 2016

In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter.

Notes

AuthorNote
mdeslaur 
as of 2020-02-07, appears unfixed
crash in hcidump command line tool only

Priority

Negligible

CVSS 3 base score: 5.3

Status

Package Release Status
bluez
Launchpad, Ubuntu, Debian 		artful Ignored
(reached end-of-life)
bionic Deferred

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Deferred

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Deferred

kinetic Deferred

precise Does not exist
(precise was deferred [2017-08-01])
trusty Does not exist
(trusty was deferred [2020-01-06])
upstream Needs triage

xenial Deferred

yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading