Buffer Overflow in BlueZ Affects Bluetooth Tools from The Linux Foundation
CVE-2016-9917

7.5HIGH

Key Information:

Vendor

Bluez

Status
Bluez
Vendor
CVE Published:
8 December 2016

What is CVE-2016-9917?

A buffer overflow vulnerability exists in BlueZ 5.42, specifically within the 'read_n' function located in the 'tools/hcidump.c' source file. This vulnerability can be triggered when processing a corrupted dump file, which may lead to a crash of the hcidump utility. Security concerns arise as attackers could exploit this flaw to disrupt service and affect system stability.

References

https://www.spinics.net/lists/linux-bluetooth/msg68892.html
x_refsource_MISC
http://www.securityfocus.com/bid/95013
vdb-entryx_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-9917 : Buffer Overflow in BlueZ Affects Bluetooth Tools from The Linux Foundation