CVE-2016-7837
published 2017-06-09CVE-2016-7837: Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
PriorityP433high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EPSS
0.56%
42.1th percentile
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bluez | bluez | <= 5.41 | — |
| bluez | bluez | >= 0 < 5.43-1 | 5.43-1 |
| bluez | bluez | >= 0 < 5.43-1 | 5.43-1 |
| bluez | bluez | >= 0 < 5.43-1 | 5.43-1 |
| bluez | bluez | >= 0 < 5.43-1 | 5.43-1 |
| bluez | bluez | >= 0 < 5.37-0ubuntu5.3 | 5.37-0ubuntu5.3 |
| bluez | bluez | >= 0 < 5.48-0ubuntu3.4 | 5.48-0ubuntu3.4 |
| bluez_project | bluez | — | — |
| debian | bluez | < bluez 5.43-1 (bookworm) | bluez 5.43-1 (bookworm) |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
vendor_ubuntu7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rqrx-f2rh-m32q: Buffer overflow in BlueZ 5
ghsa_unreviewed·2022-05-13
CVE-2016-7837 [HIGH] CWE-119 GHSA-rqrx-f2rh-m32q: Buffer overflow in BlueZ 5
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
OSV
bluez vulnerabilities
osv·2020-03-30·CVSS 7.8
CVE-2020-0556 [HIGH] bluez vulnerabilities
bluez vulnerabilities
It was discovered that BlueZ incorrectly handled bonding HID and HOGP
devices. A local attacker could possibly use this issue to impersonate
non-bonded devices. (CVE-2020-0556)
It was discovered that BlueZ incorrectly handled certain commands. A local
attacker could use this issue to cause BlueZ to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS. (CVE-2016-7837)
OSV
CVE-2016-7837: Buffer overflow in BlueZ 5
osv·2017-06-09·CVSS 7.8
CVE-2016-7837 [HIGH] CVE-2016-7837: Buffer overflow in BlueZ 5
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
Ubuntu
BlueZ vulnerabilities
vendor_ubuntu·2020-03-30·CVSS 7.8
CVE-2016-7837 [HIGH] BlueZ vulnerabilities
Title: BlueZ vulnerabilities
Summary: Several security issues were fixed in BlueZ.
It was discovered that BlueZ incorrectly handled bonding HID and HOGP
devices. A local attacker could possibly use this issue to impersonate
non-bonded devices. (CVE-2020-0556)
It was discovered that BlueZ incorrectly handled certain commands. A local
attacker could use this issue to cause BlueZ to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS. (CVE-2016-7837)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
bluez: Buffer overflow in parse_line function
vendor_redhat·2016-09-10·CVSS 7.8
CVE-2016-7837 [HIGH] CWE-120 bluez: Buffer overflow in parse_line function
bluez: Buffer overflow in parse_line function
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates.
Package: bluez-utils (Red Hat Enterprise Linux 5) - Will not fix
Package: bluez (Red Hat Enterprise Linux 6) - Will not fix
Package: bluez (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2016-7837: bluez - Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrar...
vendor_debian·2016·CVSS 7.8
CVE-2016-7837 [HIGH] CVE-2016-7837: bluez - Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrar...
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
Scope: local
bookworm: resolved (fixed in 5.43-1)
bullseye: resolved (fixed in 5.43-1)
forky: resolved (fixed in 5.43-1)
sid: resolved (fixed in 5.43-1)
trixie: resolved (fixed in 5.43-1)
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/95067https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601https://jvn.jp/en/jp/JVN38755305/index.htmlhttps://usn.ubuntu.com/4311-1/http://www.securityfocus.com/bid/95067https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601https://jvn.jp/en/jp/JVN38755305/index.htmlhttps://usn.ubuntu.com/4311-1/
2017-06-09
Published