SB2016120302 - Denial of service in BlueZ
Published: December 3, 2016 Updated: December 2, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2016-9798)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the conf_opt() function in tools/parser/l2cap.c when processing a corrupted dump file. A local user can use a specially crafted dump file to crash hcidump.
2) Out-of-bounds read (CVE-ID: CVE-2016-9918)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within packet_hexdump() function in monitor/packet.c. A local user can pass a specially crafted dump file, trigger out-of-bounds read error and crash the affected application.
3) Buffer overflow (CVE-ID: CVE-2016-9917)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the read_n() function in tools/hcidump.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash hcidump.4) Buffer overflow (CVE-ID: CVE-2016-9804)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the commands_dump() function in tools/parser/csr.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash hcidump.5) Out-of-bounds read (CVE-ID: CVE-2016-9918)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the "packet_hexdump()" function in monitor/packet.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash hcidump.
6) Out-of-bounds read (CVE-ID: CVE-2016-9803)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a boundary condition within the le_meta_ev_dump() function in tools/parser/hci.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash application.
7) Buffer overflow (CVE-ID: CVE-2016-9801)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the set_ext_ctrl() function in tools/parser/l2cap.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash application.
8) Buffer overflow (CVE-ID: CVE-2016-9800)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the pin_code_reply_dump() function in tools/parser/hci.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash application.
9) Buffer overflow (CVE-ID: CVE-2016-9799)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the pklg_read_hci() function in btsnoop.c. A local user can pass a specially crafted dump file, trigger a buffer overflow and crash application.
Remediation
Install update from vendor's website.