CVE-2016-9801Improper Restriction of Operations within the Bounds of a Memory Buffer in Bluez

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow8 documents7 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 40.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
BluezDebian Bluez
Timeline
PublishedDec 3
Latest updateMay 17

Description

In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDbluez/bluez5.42
debiandebian/bluez

🔴Vulnerability Details

3
GHSA
GHSA-ggf3-m2m9-ff74: In BlueZ 52022-05-17
OSV
CVE-2016-9801: In BlueZ 52016-12-03
CVEList
CVE-2016-9801: In BlueZ 52016-12-03

📋Vendor Advisories

2
Red Hat
bluez: buffer overflow in set_ext_ctrl()2016-12-03
Debian
CVE-2016-9801: bluez - In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "too...2016

💬Community

2
Bugzilla
CVE-2016-9801 bluez: buffer overflow in set_ext_ctrl()2016-12-05
Bugzilla
CVE-2016-9797, CVE-2016-9798, CVE-2016-9800, CVE-2016-9801, CVE-2016-9803 bluez-hcidump: various flaws [fedora-all]2016-12-05