CVE-2016-7837 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Bluez

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120 — Classic Buffer Overflow9 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.5%

top 33.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bluez Debian Bluez Bluez Project Bluez

Timeline

PublishedJun 9

Latest updateMay 13

Description

Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/bluez< bluez 5.43-1 (bookworm)

▶Debianbluez/bluez< 5.43-1+3

▶Ubuntubluez/bluez< 5.37-0ubuntu5.3+1

▶NVDbluez/bluez5.41

▶CVEListV5bluez_project/bluez5.41 and earlier

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-rqrx-f2rh-m32q: Buffer overflow in BlueZ 5↗2022-05-13

▶

OSV

bluez vulnerabilities↗2020-03-30

▶

OSV

CVE-2016-7837: Buffer overflow in BlueZ 5↗2017-06-09

▶

CVEList

CVE-2016-7837: Buffer overflow in BlueZ 5↗2017-06-09

▶

📋Vendor Advisories

Ubuntu

BlueZ vulnerabilities↗2020-03-30

▶

Red Hat

bluez: Buffer overflow in parse_line function↗2016-09-10

▶

Debian

CVE-2016-7837: bluez - Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrar...↗2016

▶

💬Community

Bugzilla

CVE-2016-7837 bluez: Buffer overflow in parse_line function↗2017-02-20

▶