Your submission was sent successfully! Close

CVE-2016-9804

Published: 3 December 2016

In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

Priority

Negligible

CVSS 3 base score: 5.3

Status

Package Release Status
bluez
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Deferred

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Deferred

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Deferred

jammy Deferred

precise Does not exist
(precise was deferred [2017-08-01])
trusty Does not exist
(trusty was deferred [2020-01-06])
upstream Needs triage

xenial Deferred

yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)