Out-of-Bounds Read in BlueZ Bluetooth Stack Affects Functionality
CVE-2016-9918

7.5HIGH

Key Information:

Vendor

Bluez Project

Status
Bluez
Vendor
CVE Published:
8 December 2016

What is CVE-2016-9918?

A vulnerability has been discovered in the BlueZ Bluetooth stack version 5.42 that allows for an out-of-bounds read during the execution of the 'packet_hexdump' function in the monitor/packet.c source file. This flaw can be exploited when a corrupted dump file is processed, resulting in a crash of the btmon application. This issue underscores the importance of validating input and handling erroneous data safely to prevent potential disruptions.

References

https://www.spinics.net/lists/linux-bluetooth/msg68898.html
x_refsource_MISC
http://www.securityfocus.com/bid/95013
vdb-entryx_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-9918 : Out-of-Bounds Read in BlueZ Bluetooth Stack Affects Functionality