CVE-2016-7837
Ubuntu Security Notice USN-4311-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
Ddesbordamiento de búfer en BlueZ 5.41 y versiones anteriores, permite a un atacante ejecutar código arbitrario a través de la función parse_line utilizada en algunas utilidades de userland.
It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-09 CVE Reserved
- 2017-06-09 CVE Published
- 2024-08-06 CVE Updated
- 2025-07-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/95067 | Third Party Advisory | |
| https://jvn.jp/en/jp/JVN38755305/index.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601 | 2020-04-03 |
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/4311-1 | 2020-04-03 |