CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9804
https://notcve.org/view.php?id=CVE-2016-9804
In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. En BlueZ 5.42, se ha observado un desbordamiento de búfer en la función "commands_dump" en la fuente de archivo "tools/parser/csr.c". El problema existe porque la cadena "commands" desborda por el parámetro subministrado debido a la falta de controles de límites en el tamaño del búfer del parámetro frame "frm->ptr". • http://www.securityfocus.com/bid/94652 https://www.spinics.net/lists/linux-bluetooth/msg68892.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9797
https://notcve.org/view.php?id=CVE-2016-9797
In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. En BlueZ 5.42, se ha observado una sobrelectura de búfer en la función "l2cap_dump" en la fuente de archivo "tools/parser/l2cap.c". Este problema puede ser desencadenado procesando un archivo de volcado corrupto y resulta en una caída de hcidump. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html http://www.securityfocus.com/bid/94652 https://www.spinics.net/lists/linux-bluetooth/msg68892.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9800
https://notcve.org/view.php?id=CVE-2016-9800
In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter. En BlueZ 5.42, se ha observado un desbordamiento de búfer en la función "pin_code_reply_dump" en la fuente de archivo "tools/parser/hci.c". El problema existe debido a que el "pin" se desborda por el parámetro subministrado debido a la falta de controles de límites en el tamaño del búfer del parámetro frame "pin_code_reply_cp * cp". • http://www.securityfocus.com/bid/94652 https://www.spinics.net/lists/linux-bluetooth/msg68892.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9802
https://notcve.org/view.php?id=CVE-2016-9802
In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. En BlueZ 5.42, se ha identificado una sobrelectura de búfer en la función "l2cap_packet" en la fuente de archivo "monitor/packet.c". Este problema puede ser desencadenado procesando un archivo de volcado corrupto y resulta en una caída de btmon. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html http://www.securityfocus.com/bid/94652 https://www.spinics.net/lists/linux-bluetooth/msg68898.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9803
https://notcve.org/view.php?id=CVE-2016-9803
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed. En BlueZ 5.42, una lectura fuera de límites ha sido observada en la función "le_meta_ev_dump" en la fuente de archivo "tools/parser/hci.c". Este problema existe debido a que 'subevent' (que es usado para leer correctamente elementos del array 'ev_le_meta_str') está desbordado. • http://www.securityfocus.com/bid/94652 https://www.spinics.net/lists/linux-bluetooth/msg68892.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •