Bluez Project Bluez vulnerabilities

4 known vulnerabilities affecting bluez_project/bluez.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1

Vulnerabilities

CVE-2016-7837 | HIGH | CVSS 7.8 | v5.41 and earlier | 2017-06-09
CVE-2016-7837 [HIGH] CWE-119: Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
Source: NVD
CVE-2016-9918 | HIGH | CVSS 7.5 | v5.42 | 2016-12-08
CVE-2016-9918 [HIGH] CWE-125: In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
Source: NVD
CVE-2006-6899 | MEDIUM | CVSS 5.4 | PoC | ≤ 2.24 | 2006-12-31
CVE-2006-6899 [MEDIUM] CWE-16: hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
Source: NVD
CVE-2005-2547 | HIGH | CVSS 7.5 | v2.18 | 2005-08-12
CVE-2005-2547 [HIGH]: security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.
Source: NVD