Vulnerabilites related to bluez_project - bluez
CVE-2016-9918 (GCVE-0-2016-9918)
Vulnerability from cvelistv5
Published
2016-12-08 08:08
Modified
2024-08-06 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.spinics.net/lists/linux-bluetooth/msg68898.html"
},
{
"name": "95013",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95013"
},
{
"name": "openSUSE-SU-2019:1198",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In BlueZ 5.42, an out-of-bounds read was identified in \"packet_hexdump\" function in \"monitor/packet.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-12T12:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.spinics.net/lists/linux-bluetooth/msg68898.html"
},
{
"name": "95013",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95013"
},
{
"name": "openSUSE-SU-2019:1198",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BlueZ 5.42, an out-of-bounds read was identified in \"packet_hexdump\" function in \"monitor/packet.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.spinics.net/lists/linux-bluetooth/msg68898.html",
"refsource": "MISC",
"url": "https://www.spinics.net/lists/linux-bluetooth/msg68898.html"
},
{
"name": "95013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95013"
},
{
"name": "openSUSE-SU-2019:1198",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9918",
"datePublished": "2016-12-08T08:08:00",
"dateReserved": "2016-12-08T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6899 (GCVE-0-2006-6899)
Vulnerability from cvelistv5
Published
2007-01-08 20:00
Modified
2024-08-07 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "32830",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32830"
},
{
"name": "RHSA-2007:0065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0065.html"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "ADV-2007-0200",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0200"
},
{
"name": "23798",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23798"
},
{
"name": "22076",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22076"
},
{
"name": "oval:org.mitre.oval:def:10208",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10208"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mulliner.org/bluetooth/hidattack.php"
},
{
"name": "23879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23879"
},
{
"name": "USN-413-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-413-1"
},
{
"name": "MDKSA-2007:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:014"
},
{
"name": "25264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25264"
},
{
"name": "23747",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "32830",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32830"
},
{
"name": "RHSA-2007:0065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0065.html"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "ADV-2007-0200",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0200"
},
{
"name": "23798",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23798"
},
{
"name": "22076",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22076"
},
{
"name": "oval:org.mitre.oval:def:10208",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10208"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mulliner.org/bluetooth/hidattack.php"
},
{
"name": "23879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23879"
},
{
"name": "USN-413-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-413-1"
},
{
"name": "MDKSA-2007:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:014"
},
{
"name": "25264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25264"
},
{
"name": "23747",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "32830",
"refsource": "OSVDB",
"url": "http://osvdb.org/32830"
},
{
"name": "RHSA-2007:0065",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0065.html"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "ADV-2007-0200",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0200"
},
{
"name": "23798",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23798"
},
{
"name": "22076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22076"
},
{
"name": "oval:org.mitre.oval:def:10208",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10208"
},
{
"name": "http://mulliner.org/bluetooth/hidattack.php",
"refsource": "MISC",
"url": "http://mulliner.org/bluetooth/hidattack.php"
},
{
"name": "23879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23879"
},
{
"name": "USN-413-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-413-1"
},
{
"name": "MDKSA-2007:014",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:014"
},
{
"name": "25264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25264"
},
{
"name": "23747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6899",
"datePublished": "2007-01-08T20:00:00",
"dateReserved": "2007-01-08T00:00:00",
"dateUpdated": "2024-08-07T20:42:07.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2547 (GCVE-0-2005-2547)
Vulnerability from cvelistv5
Published
2005-08-12 04:00
Modified
2024-08-07 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31\u0026r2=1.34"
},
{
"name": "16476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16476"
},
{
"name": "DSA-782",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-782"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=101557"
},
{
"name": "GLSA-200508-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml"
},
{
"name": "16453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16453"
},
{
"name": "14572",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14572"
},
{
"name": "[bluez-devel] 20050804 Possible security vulnerability in hcid when calling pin helper",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=7893206\u0026forum_id=1881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-08-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31\u0026r2=1.34"
},
{
"name": "16476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16476"
},
{
"name": "DSA-782",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-782"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=101557"
},
{
"name": "GLSA-200508-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml"
},
{
"name": "16453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16453"
},
{
"name": "14572",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14572"
},
{
"name": "[bluez-devel] 20050804 Possible security vulnerability in hcid when calling pin helper",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=7893206\u0026forum_id=1881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31\u0026r2=1.34",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31\u0026r2=1.34"
},
{
"name": "16476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16476"
},
{
"name": "DSA-782",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-782"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=101557",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=101557"
},
{
"name": "GLSA-200508-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml"
},
{
"name": "16453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16453"
},
{
"name": "14572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14572"
},
{
"name": "[bluez-devel] 20050804 Possible security vulnerability in hcid when calling pin helper",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=7893206\u0026forum_id=1881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2547",
"datePublished": "2005-08-12T04:00:00",
"dateReserved": "2005-08-12T00:00:00",
"dateUpdated": "2024-08-07T22:30:01.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2005-08-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34 | Patch | |
| cve@mitre.org | http://secunia.com/advisories/16453 | ||
| cve@mitre.org | http://secunia.com/advisories/16476 | ||
| cve@mitre.org | http://sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2005/dsa-782 | ||
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/14572 | ||
| cve@mitre.org | https://bugs.gentoo.org/show_bug.cgi?id=101557 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16453 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16476 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-782 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14572 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/show_bug.cgi?id=101557 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez_project | bluez | 2.18 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bluez_project:bluez:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "00806108-C5EA-4568-BDE1-430B686FC0DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper."
}
],
"id": "CVE-2005-2547",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31\u0026r2=1.34"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16453"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16476"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=7893206\u0026forum_id=1881"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-782"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14572"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=101557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31\u0026r2=1.34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=7893206\u0026forum_id=1881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=101557"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. These issues did not affect the version of BlueZ as shipped with Red Hat Enterprise Linux 4.\n",
"lastModified": "2006-08-30T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-08 08:59
Modified
2025-04-12 10:46
Severity ?
Summary
In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/95013 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.spinics.net/lists/linux-bluetooth/msg68898.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95013 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spinics.net/lists/linux-bluetooth/msg68898.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez_project | bluez | 5.42 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluez_project:bluez:5.42:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F3F320-092F-4B1C-9271-EBA2C01C2E84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In BlueZ 5.42, an out-of-bounds read was identified in \"packet_hexdump\" function in \"monitor/packet.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash."
},
{
"lang": "es",
"value": "En BlueZ 5.42, una lectura fuera de l\u00edmites fue identificada en la funci\u00f3n \"packet_hexdump\" en el archivo fuente \"monitor/packet.c\". Este problema puede ser desencadenado procesando un archivo de volcado corrupto y resultar\u00e1 en una ca\u00edda btmon."
}
],
"id": "CVE-2016-9918",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-08T08:59:04.740",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95013"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.spinics.net/lists/linux-bluetooth/msg68898.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.spinics.net/lists/linux-bluetooth/msg68898.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2025-04-09 00:30
Severity ?
Summary
hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf | ||
| cve@mitre.org | http://mulliner.org/bluetooth/hidattack.php | ||
| cve@mitre.org | http://osvdb.org/32830 | ||
| cve@mitre.org | http://secunia.com/advisories/23747 | ||
| cve@mitre.org | http://secunia.com/advisories/23798 | ||
| cve@mitre.org | http://secunia.com/advisories/23879 | ||
| cve@mitre.org | http://secunia.com/advisories/25264 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:014 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0065.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/455889/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/22076 | ||
| cve@mitre.org | http://www.ubuntu.com/usn/usn-413-1 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/0200 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10208 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mulliner.org/bluetooth/hidattack.php | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/32830 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23747 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23798 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23879 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25264 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:014 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0065.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/455889/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22076 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-413-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0200 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10208 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluez_project | bluez | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bluez_project:bluez:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A222E1FC-1A58-4D3E-988C-993FD51E6D76",
"versionEndIncluding": "2.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack."
},
{
"lang": "es",
"value": "hidd en BlueZ (bluez-utils) anterior a 2.25 permite a atacantes remotos obtener el control de los Dispositivos de Interfaz Humana (HID) del (1) Rat\u00f3n y (2) Teclado mediante una determinada configuraci\u00f3n de dos extremos HID (PSM) (HID endpoints), operando como servidor, tambi\u00e9n conocido como HidAttack."
}
],
"id": "CVE-2006-6899",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://mulliner.org/bluetooth/hidattack.php"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/32830"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23747"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23798"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23879"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25264"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:014"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0065.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22076"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-413-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0200"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mulliner.org/bluetooth/hidattack.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/32830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-413-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10208"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}