CVE-2016-9798
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
03/12/2016
Last modified:
12/04/2025
Description
In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:bluez:bluez:5.42:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00072.html
- http://www.securityfocus.com/bid/94652
- https://www.spinics.net/lists/linux-bluetooth/msg68892.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00072.html
- http://www.securityfocus.com/bid/94652
- https://www.spinics.net/lists/linux-bluetooth/msg68892.html