Denial of service in BlueZ
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2016-9798 CVE-2016-9918 CVE-2016-9917 CVE-2016-9804 CVE-2016-9803 CVE-2016-9801 CVE-2016-9800 CVE-2016-9799 |
| CWE-ID | CWE-416 CWE-125 CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
BlueZ Universal components / Libraries / Libraries used by multiple products |
| Vendor | BlueZ Project |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU23107
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-9798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the conf_opt() function in tools/parser/l2cap.c when processing a corrupted dump file. A local user can use a specially crafted dump file to crash hcidump.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 5.42
CPE2.3 External linkshttps://www.spinics.net/lists/linux-bluetooth/msg68892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU23109
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-9918
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within packet_hexdump() function in monitor/packet.c. A local user can pass a specially crafted dump file, trigger out-of-bounds read error and crash the affected application.
MitigationInstall update from vendor's website.
Vulnerable software versionsBlueZ: 5.42
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html
https://www.spinics.net/lists/linux-bluetooth/msg68898.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU23110
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-9917
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the read_n() function in tools/hcidump.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash hcidump. MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 5.42
CPE2.3 External linkshttps://www.spinics.net/lists/linux-bluetooth/msg68892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU23111
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-9804
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the commands_dump() function in tools/parser/csr.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash hcidump. MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 5.42
CPE2.3 External linkshttps://www.spinics.net/lists/linux-bluetooth/msg68892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU23112
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-9918
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the "packet_hexdump()" function in monitor/packet.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash hcidump.
MitigationInstall update from vendor's website.
Vulnerable software versionsBlueZ: 5.42
CPE2.3 External linkshttps://www.spinics.net/lists/linux-bluetooth/msg68898.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU23114
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-9803
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a boundary condition within the le_meta_ev_dump() function in tools/parser/hci.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 5.42
CPE2.3 External linkshttps://www.spinics.net/lists/linux-bluetooth/msg68892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU23115
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-9801
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the set_ext_ctrl() function in tools/parser/l2cap.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 5.42
CPE2.3 External linkshttps://www.securityfocus.com/bid/94652
https://www.spinics.net/lists/linux-bluetooth/msg68892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU23116
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-9800
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the pin_code_reply_dump() function in tools/parser/hci.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 5.42
CPE2.3 External linkshttps://www.spinics.net/lists/linux-bluetooth/msg68892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU23117
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-9799
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the pklg_read_hci() function in btsnoop.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBlueZ: 5.42
CPE2.3 External linkshttps://www.spinics.net/lists/linux-bluetooth/msg68898.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
