csaf_suse - suse-su-2019:0510-1

suse-su-2019:0510-1

Vulnerability from csaf_suse

Published

2019-02-28 08:53

Modified

2019-02-28 08:53

Summary

Security update for bluez

Notes

Title of the patch

Security update for bluez

Description of the patch

This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-7837: Fixed possible buffer overflow, make sure we don't write past the end of the array.(bsc#1026652) - CVE-2016-9800: Fix hcidump memory leak in pin_code_reply_dump() (bsc#1013721). - CVE-2016-9801: Fixed a buffer overflow in set_ext_ctrl function (bsc#1013732) - CVE-2016-9804: Fix hcidump buffer overflow in commands_dump() (bsc#1013877). - CVE-2016-9918: Fixed an out-of-bounds read in packet_hexdump() (bsc#1015173) - CVE-2017-1000250: Fixed a information leak in SDP (part of the recently published BlueBorne vulnerabilities) (bsc#1057342)

Patchnames

SUSE-2019-510,SUSE-SLE-SAP-12-SP1-2019-510,SUSE-SLE-SERVER-12-2019-510,SUSE-SLE-SERVER-12-SP1-2019-510

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for bluez",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for bluez fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2016-7837: Fixed possible buffer overflow, make sure we don\u0027t write past the end of the array.(bsc#1026652)\n- CVE-2016-9800: Fix hcidump memory leak in pin_code_reply_dump() (bsc#1013721).\n- CVE-2016-9801: Fixed a buffer overflow in set_ext_ctrl function (bsc#1013732)\n- CVE-2016-9804: Fix hcidump buffer overflow in commands_dump() (bsc#1013877).\n- CVE-2016-9918: Fixed an out-of-bounds read in packet_hexdump() (bsc#1015173)\n- CVE-2017-1000250: Fixed a information leak in SDP (part of the recently published BlueBorne vulnerabilities) (bsc#1057342)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2019-510,SUSE-SLE-SAP-12-SP1-2019-510,SUSE-SLE-SERVER-12-2019-510,SUSE-SLE-SERVER-12-SP1-2019-510",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0510-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:0510-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190510-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:0510-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005161.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1013721",
        "url": "https://bugzilla.suse.com/1013721"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1013732",
        "url": "https://bugzilla.suse.com/1013732"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1013877",
        "url": "https://bugzilla.suse.com/1013877"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1015173",
        "url": "https://bugzilla.suse.com/1015173"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1026652",
        "url": "https://bugzilla.suse.com/1026652"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057342",
        "url": "https://bugzilla.suse.com/1057342"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7837 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7837/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9800 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9800/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9801 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9801/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9804 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9804/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9918 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9918/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000250 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000250/"
      }
    ],
    "title": "Security update for bluez",
    "tracking": {
      "current_release_date": "2019-02-28T08:53:14Z",
      "generator": {
        "date": "2019-02-28T08:53:14Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:0510-1",
      "initial_release_date": "2019-02-28T08:53:14Z",
      "revision_history": [
        {
          "date": "2019-02-28T08:53:14Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bluez-5.13-3.10.1.aarch64",
                "product": {
                  "name": "bluez-5.13-3.10.1.aarch64",
                  "product_id": "bluez-5.13-3.10.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-cups-5.13-3.10.1.aarch64",
                "product": {
                  "name": "bluez-cups-5.13-3.10.1.aarch64",
                  "product_id": "bluez-cups-5.13-3.10.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-devel-5.13-3.10.1.aarch64",
                "product": {
                  "name": "bluez-devel-5.13-3.10.1.aarch64",
                  "product_id": "bluez-devel-5.13-3.10.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-test-5.13-3.10.1.aarch64",
                "product": {
                  "name": "bluez-test-5.13-3.10.1.aarch64",
                  "product_id": "bluez-test-5.13-3.10.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libbluetooth3-5.13-3.10.1.aarch64",
                "product": {
                  "name": "libbluetooth3-5.13-3.10.1.aarch64",
                  "product_id": "libbluetooth3-5.13-3.10.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bluez-devel-64bit-5.13-3.10.1.aarch64_ilp32",
                "product": {
                  "name": "bluez-devel-64bit-5.13-3.10.1.aarch64_ilp32",
                  "product_id": "bluez-devel-64bit-5.13-3.10.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libbluetooth3-64bit-5.13-3.10.1.aarch64_ilp32",
                "product": {
                  "name": "libbluetooth3-64bit-5.13-3.10.1.aarch64_ilp32",
                  "product_id": "libbluetooth3-64bit-5.13-3.10.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bluez-5.13-3.10.1.i586",
                "product": {
                  "name": "bluez-5.13-3.10.1.i586",
                  "product_id": "bluez-5.13-3.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-cups-5.13-3.10.1.i586",
                "product": {
                  "name": "bluez-cups-5.13-3.10.1.i586",
                  "product_id": "bluez-cups-5.13-3.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-devel-5.13-3.10.1.i586",
                "product": {
                  "name": "bluez-devel-5.13-3.10.1.i586",
                  "product_id": "bluez-devel-5.13-3.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-test-5.13-3.10.1.i586",
                "product": {
                  "name": "bluez-test-5.13-3.10.1.i586",
                  "product_id": "bluez-test-5.13-3.10.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libbluetooth3-5.13-3.10.1.i586",
                "product": {
                  "name": "libbluetooth3-5.13-3.10.1.i586",
                  "product_id": "libbluetooth3-5.13-3.10.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bluez-5.13-3.10.1.ppc64le",
                "product": {
                  "name": "bluez-5.13-3.10.1.ppc64le",
                  "product_id": "bluez-5.13-3.10.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-cups-5.13-3.10.1.ppc64le",
                "product": {
                  "name": "bluez-cups-5.13-3.10.1.ppc64le",
                  "product_id": "bluez-cups-5.13-3.10.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-devel-5.13-3.10.1.ppc64le",
                "product": {
                  "name": "bluez-devel-5.13-3.10.1.ppc64le",
                  "product_id": "bluez-devel-5.13-3.10.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-test-5.13-3.10.1.ppc64le",
                "product": {
                  "name": "bluez-test-5.13-3.10.1.ppc64le",
                  "product_id": "bluez-test-5.13-3.10.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libbluetooth3-5.13-3.10.1.ppc64le",
                "product": {
                  "name": "libbluetooth3-5.13-3.10.1.ppc64le",
                  "product_id": "libbluetooth3-5.13-3.10.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bluez-5.13-3.10.1.s390",
                "product": {
                  "name": "bluez-5.13-3.10.1.s390",
                  "product_id": "bluez-5.13-3.10.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-cups-5.13-3.10.1.s390",
                "product": {
                  "name": "bluez-cups-5.13-3.10.1.s390",
                  "product_id": "bluez-cups-5.13-3.10.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-devel-5.13-3.10.1.s390",
                "product": {
                  "name": "bluez-devel-5.13-3.10.1.s390",
                  "product_id": "bluez-devel-5.13-3.10.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-test-5.13-3.10.1.s390",
                "product": {
                  "name": "bluez-test-5.13-3.10.1.s390",
                  "product_id": "bluez-test-5.13-3.10.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libbluetooth3-5.13-3.10.1.s390",
                "product": {
                  "name": "libbluetooth3-5.13-3.10.1.s390",
                  "product_id": "libbluetooth3-5.13-3.10.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bluez-5.13-3.10.1.s390x",
                "product": {
                  "name": "bluez-5.13-3.10.1.s390x",
                  "product_id": "bluez-5.13-3.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-cups-5.13-3.10.1.s390x",
                "product": {
                  "name": "bluez-cups-5.13-3.10.1.s390x",
                  "product_id": "bluez-cups-5.13-3.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-devel-5.13-3.10.1.s390x",
                "product": {
                  "name": "bluez-devel-5.13-3.10.1.s390x",
                  "product_id": "bluez-devel-5.13-3.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-devel-32bit-5.13-3.10.1.s390x",
                "product": {
                  "name": "bluez-devel-32bit-5.13-3.10.1.s390x",
                  "product_id": "bluez-devel-32bit-5.13-3.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-test-5.13-3.10.1.s390x",
                "product": {
                  "name": "bluez-test-5.13-3.10.1.s390x",
                  "product_id": "bluez-test-5.13-3.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libbluetooth3-5.13-3.10.1.s390x",
                "product": {
                  "name": "libbluetooth3-5.13-3.10.1.s390x",
                  "product_id": "libbluetooth3-5.13-3.10.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libbluetooth3-32bit-5.13-3.10.1.s390x",
                "product": {
                  "name": "libbluetooth3-32bit-5.13-3.10.1.s390x",
                  "product_id": "libbluetooth3-32bit-5.13-3.10.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bluez-5.13-3.10.1.x86_64",
                "product": {
                  "name": "bluez-5.13-3.10.1.x86_64",
                  "product_id": "bluez-5.13-3.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-cups-5.13-3.10.1.x86_64",
                "product": {
                  "name": "bluez-cups-5.13-3.10.1.x86_64",
                  "product_id": "bluez-cups-5.13-3.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-devel-5.13-3.10.1.x86_64",
                "product": {
                  "name": "bluez-devel-5.13-3.10.1.x86_64",
                  "product_id": "bluez-devel-5.13-3.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-devel-32bit-5.13-3.10.1.x86_64",
                "product": {
                  "name": "bluez-devel-32bit-5.13-3.10.1.x86_64",
                  "product_id": "bluez-devel-32bit-5.13-3.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bluez-test-5.13-3.10.1.x86_64",
                "product": {
                  "name": "bluez-test-5.13-3.10.1.x86_64",
                  "product_id": "bluez-test-5.13-3.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libbluetooth3-5.13-3.10.1.x86_64",
                "product": {
                  "name": "libbluetooth3-5.13-3.10.1.x86_64",
                  "product_id": "libbluetooth3-5.13-3.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libbluetooth3-32bit-5.13-3.10.1.x86_64",
                "product": {
                  "name": "libbluetooth3-32bit-5.13-3.10.1.x86_64",
                  "product_id": "libbluetooth3-32bit-5.13-3.10.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-5.13-3.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le"
        },
        "product_reference": "bluez-5.13-3.10.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-5.13-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64"
        },
        "product_reference": "bluez-5.13-3.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbluetooth3-5.13-3.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le"
        },
        "product_reference": "libbluetooth3-5.13-3.10.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbluetooth3-5.13-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
        },
        "product_reference": "libbluetooth3-5.13-3.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-5.13-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le"
        },
        "product_reference": "bluez-5.13-3.10.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-5.13-3.10.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x"
        },
        "product_reference": "bluez-5.13-3.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-5.13-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64"
        },
        "product_reference": "bluez-5.13-3.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbluetooth3-5.13-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le"
        },
        "product_reference": "libbluetooth3-5.13-3.10.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbluetooth3-5.13-3.10.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x"
        },
        "product_reference": "libbluetooth3-5.13-3.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbluetooth3-5.13-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64"
        },
        "product_reference": "libbluetooth3-5.13-3.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-5.13-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le"
        },
        "product_reference": "bluez-5.13-3.10.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-5.13-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x"
        },
        "product_reference": "bluez-5.13-3.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bluez-5.13-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64"
        },
        "product_reference": "bluez-5.13-3.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbluetooth3-5.13-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le"
        },
        "product_reference": "libbluetooth3-5.13-3.10.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbluetooth3-5.13-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x"
        },
        "product_reference": "libbluetooth3-5.13-3.10.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libbluetooth3-5.13-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64"
        },
        "product_reference": "libbluetooth3-5.13-3.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-7837",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7837"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7837",
          "url": "https://www.suse.com/security/cve/CVE-2016-7837"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1026652 for CVE-2016-7837",
          "url": "https://bugzilla.suse.com/1026652"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-02-28T08:53:14Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-7837"
    },
    {
      "cve": "CVE-2016-9800",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9800"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In BlueZ 5.42, a buffer overflow was observed in \"pin_code_reply_dump\" function in \"tools/parser/hci.c\" source file. The issue exists because \"pin\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"pin_code_reply_cp *cp\" parameter.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9800",
          "url": "https://www.suse.com/security/cve/CVE-2016-9800"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1013721 for CVE-2016-9800",
          "url": "https://bugzilla.suse.com/1013721"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-02-28T08:53:14Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-9800"
    },
    {
      "cve": "CVE-2016-9801",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9801"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In BlueZ 5.42, a buffer overflow was observed in \"set_ext_ctrl\" function in \"tools/parser/l2cap.c\" source file when processing corrupted dump file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9801",
          "url": "https://www.suse.com/security/cve/CVE-2016-9801"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1013732 for CVE-2016-9801",
          "url": "https://bugzilla.suse.com/1013732"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-02-28T08:53:14Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-9801"
    },
    {
      "cve": "CVE-2016-9804",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9804"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In BlueZ 5.42, a buffer overflow was observed in \"commands_dump\" function in \"tools/parser/csr.c\" source file. The issue exists because \"commands\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"frm-\u003eptr\" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9804",
          "url": "https://www.suse.com/security/cve/CVE-2016-9804"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1013877 for CVE-2016-9804",
          "url": "https://bugzilla.suse.com/1013877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-02-28T08:53:14Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9804"
    },
    {
      "cve": "CVE-2016-9918",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9918"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In BlueZ 5.42, an out-of-bounds read was identified in \"packet_hexdump\" function in \"monitor/packet.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9918",
          "url": "https://www.suse.com/security/cve/CVE-2016-9918"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1013893 for CVE-2016-9918",
          "url": "https://bugzilla.suse.com/1013893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015173 for CVE-2016-9918",
          "url": "https://bugzilla.suse.com/1015173"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-02-28T08:53:14Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9918"
    },
    {
      "cve": "CVE-2017-1000250",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000250"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
          "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000250",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000250"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057342 for CVE-2017-1000250",
          "url": "https://bugzilla.suse.com/1057342"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
            "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-02-28T08:53:14Z",
          "details": "low"
        }
      ],
      "title": "CVE-2017-1000250"
    }
  ]
}

CVE-2016-9804 (GCVE-0-2016-9804)

Vulnerability from cvelistv5

Published

2016-12-03 06:28

Modified

2024-08-06 02:59

Severity ?

CWE

Summary

In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

References

►

URL

Tags

	https://www.spinics.net/lists/linux-bluetooth/msg68892.html	x_refsource_MISC
	http://www.securityfocus.com/bid/94652	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.568Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html"
          },
          {
            "name": "94652",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94652"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In BlueZ 5.42, a buffer overflow was observed in \"commands_dump\" function in \"tools/parser/csr.c\" source file. The issue exists because \"commands\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"frm-\u003eptr\" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html"
        },
        {
          "name": "94652",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94652"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9804",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In BlueZ 5.42, a buffer overflow was observed in \"commands_dump\" function in \"tools/parser/csr.c\" source file. The issue exists because \"commands\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"frm-\u003eptr\" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html"
            },
            {
              "name": "94652",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94652"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9804",
    "datePublished": "2016-12-03T06:28:00",
    "dateReserved": "2016-12-03T00:00:00",
    "dateUpdated": "2024-08-06T02:59:03.568Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9918 (GCVE-0-2016-9918)

Vulnerability from cvelistv5

Published

2016-12-08 08:08

Modified

2024-08-06 03:07

Severity ?

CWE

Summary

In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.

References

►

URL

Tags

	https://www.spinics.net/lists/linux-bluetooth/msg68898.html	x_refsource_MISC
	http://www.securityfocus.com/bid/95013	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:31.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-bluetooth/msg68898.html"
          },
          {
            "name": "95013",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95013"
          },
          {
            "name": "openSUSE-SU-2019:1198",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In BlueZ 5.42, an out-of-bounds read was identified in \"packet_hexdump\" function in \"monitor/packet.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-12T12:06:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/linux-bluetooth/msg68898.html"
        },
        {
          "name": "95013",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95013"
        },
        {
          "name": "openSUSE-SU-2019:1198",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9918",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In BlueZ 5.42, an out-of-bounds read was identified in \"packet_hexdump\" function in \"monitor/packet.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.spinics.net/lists/linux-bluetooth/msg68898.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/linux-bluetooth/msg68898.html"
            },
            {
              "name": "95013",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95013"
            },
            {
              "name": "openSUSE-SU-2019:1198",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00054.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9918",
    "datePublished": "2016-12-08T08:08:00",
    "dateReserved": "2016-12-08T00:00:00",
    "dateUpdated": "2024-08-06T03:07:31.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9800 (GCVE-0-2016-9800)

Vulnerability from cvelistv5

Published

2016-12-03 06:28

Modified

2024-08-06 02:59

Severity ?

CWE

Summary

In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter.

References

►

URL

Tags

	https://www.spinics.net/lists/linux-bluetooth/msg68892.html	x_refsource_MISC
	http://www.securityfocus.com/bid/94652	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.441Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html"
          },
          {
            "name": "94652",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94652"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In BlueZ 5.42, a buffer overflow was observed in \"pin_code_reply_dump\" function in \"tools/parser/hci.c\" source file. The issue exists because \"pin\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"pin_code_reply_cp *cp\" parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html"
        },
        {
          "name": "94652",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94652"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In BlueZ 5.42, a buffer overflow was observed in \"pin_code_reply_dump\" function in \"tools/parser/hci.c\" source file. The issue exists because \"pin\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"pin_code_reply_cp *cp\" parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html"
            },
            {
              "name": "94652",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94652"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9800",
    "datePublished": "2016-12-03T06:28:00",
    "dateReserved": "2016-12-03T00:00:00",
    "dateUpdated": "2024-08-06T02:59:03.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-7837 (GCVE-0-2016-7837)

Vulnerability from cvelistv5

Published

2017-06-09 16:00

Modified

2024-08-06 02:04

Severity ?

CWE

Buffer Overflow

Summary

Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.

References

►

URL

Tags

	https://jvn.jp/en/jp/JVN38755305/index.html	third-party-advisory, x_refsource_JVN
	https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/95067	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/4311-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	BlueZ Project	BlueZ	Version: 5.41 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:04:56.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#38755305",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN38755305/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
          },
          {
            "name": "95067",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95067"
          },
          {
            "name": "USN-4311-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4311-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BlueZ",
          "vendor": "BlueZ Project",
          "versions": [
            {
              "status": "affected",
              "version": "5.41 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2016-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-02T23:06:04",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#38755305",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN38755305/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
        },
        {
          "name": "95067",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95067"
        },
        {
          "name": "USN-4311-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4311-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-7837",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BlueZ",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.41 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "BlueZ Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#38755305",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN38755305/index.html"
            },
            {
              "name": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
            },
            {
              "name": "95067",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95067"
            },
            {
              "name": "USN-4311-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4311-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-7837",
    "datePublished": "2017-06-09T16:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:04:56.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000250 (GCVE-0-2017-1000250)

Vulnerability from cvelistv5

Published

2017-09-12 17:00

Modified

2024-08-05 22:00

Severity ?

CWE

Summary

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.

References

►

URL

Tags

	https://access.redhat.com/security/vulnerabilities/blueborne	x_refsource_CONFIRM
	https://www.armis.com/blueborne	x_refsource_MISC
	http://www.debian.org/security/2017/dsa-3972	vendor-advisory, x_refsource_DEBIAN
	https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/100814	vdb-entry, x_refsource_BID
	http://nvidia.custhelp.com/app/answers/detail/a_id/4561	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/240311	third-party-advisory, x_refsource_CERT-VN
	https://access.redhat.com/errata/RHSA-2017:2685	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:00:39.877Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/blueborne"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.armis.com/blueborne"
          },
          {
            "name": "DSA-3972",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3972"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"
          },
          {
            "name": "100814",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100814"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
          },
          {
            "name": "VU#240311",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/240311"
          },
          {
            "name": "RHSA-2017:2685",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2685"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-09-08T00:00:00",
      "datePublic": "2017-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-16T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/blueborne"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.armis.com/blueborne"
        },
        {
          "name": "DSA-3972",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3972"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"
        },
        {
          "name": "100814",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100814"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
        },
        {
          "name": "VU#240311",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/240311"
        },
        {
          "name": "RHSA-2017:2685",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2685"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-09-08",
          "ID": "CVE-2017-1000250",
          "REQUESTER": "security@armis.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://access.redhat.com/security/vulnerabilities/blueborne",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/security/vulnerabilities/blueborne"
            },
            {
              "name": "https://www.armis.com/blueborne",
              "refsource": "MISC",
              "url": "https://www.armis.com/blueborne"
            },
            {
              "name": "DSA-3972",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3972"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"
            },
            {
              "name": "100814",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100814"
            },
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
              "refsource": "CONFIRM",
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
            },
            {
              "name": "VU#240311",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/240311"
            },
            {
              "name": "RHSA-2017:2685",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2685"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000250",
    "datePublished": "2017-09-12T17:00:00",
    "dateReserved": "2017-09-12T00:00:00",
    "dateUpdated": "2024-08-05T22:00:39.877Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9801 (GCVE-0-2016-9801)

Vulnerability from cvelistv5

Published

2016-12-03 06:28

Modified

2024-08-06 02:59

Severity ?

CWE

Summary

In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.

References

►

URL

Tags

	https://www.spinics.net/lists/linux-bluetooth/msg68892.html	x_refsource_MISC
	http://www.securityfocus.com/bid/94652	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.524Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html"
          },
          {
            "name": "94652",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94652"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In BlueZ 5.42, a buffer overflow was observed in \"set_ext_ctrl\" function in \"tools/parser/l2cap.c\" source file when processing corrupted dump file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html"
        },
        {
          "name": "94652",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94652"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9801",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In BlueZ 5.42, a buffer overflow was observed in \"set_ext_ctrl\" function in \"tools/parser/l2cap.c\" source file when processing corrupted dump file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/linux-bluetooth/msg68892.html"
            },
            {
              "name": "94652",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94652"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9801",
    "datePublished": "2016-12-03T06:28:00",
    "dateReserved": "2016-12-03T00:00:00",
    "dateUpdated": "2024-08-06T02:59:03.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2019:0510-1

Vulnerability from csaf_suse

CVE-2016-9804 (GCVE-0-2016-9804)

Vulnerability from cvelistv5

CVE-2016-9918 (GCVE-0-2016-9918)

Vulnerability from cvelistv5

CVE-2016-9800 (GCVE-0-2016-9800)

Vulnerability from cvelistv5

CVE-2016-7837 (GCVE-0-2016-7837)

Vulnerability from cvelistv5

CVE-2017-1000250 (GCVE-0-2017-1000250)

Vulnerability from cvelistv5

CVE-2016-9801 (GCVE-0-2016-9801)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature