Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Bluez Subscribe
Filtered by product Bluez
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1000250 1 Bluez 1 Bluez 2018-02-16 3.3 LOW 6.5 MEDIUM
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
CVE-2016-9799 1 Bluez 1 Bluez 2016-12-07 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
CVE-2016-9800 1 Bluez 1 Bluez 2016-12-07 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter.
CVE-2016-9801 1 Bluez 1 Bluez 2016-12-07 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.
CVE-2016-9804 1 Bluez 1 Bluez 2016-12-07 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
CVE-2016-9803 1 Bluez 1 Bluez 2016-12-07 5.0 MEDIUM 5.3 MEDIUM
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.