~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2016-9803
PublicDate: 2016-12-03
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9803
 https://www.spinics.net/lists/linux-bluetooth/msg68892.html
Description:
 In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump"
 function in "tools/parser/hci.c" source file. This issue exists because
 'subevent' (which is used to read correct element from 'ev_le_meta_str'
 array) is overflowed.
Ubuntu-Description:
Notes:
 mdeslaur> as of 2017-08-01, appears unfixed
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847837
Priority: low
Discovered-by:
Assigned-to:

Patches_bluez:
upstream_bluez: needs-triage
precise_bluez: ignored (reached end-of-life)
precise/esm_bluez: DNE (precise was deferred [2017-08-01])
trusty_bluez: deferred (2017-08-01)
vivid/stable-phone-overlay_bluez: ignored (reached end-of-life)
vivid/ubuntu-core_bluez: DNE
xenial_bluez: deferred (2017-08-01)
yakkety_bluez: ignored (reached end-of-life)
zesty_bluez: deferred (2017-08-01)
devel_bluez: deferred (2017-08-01)