CVE-2016-9800

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-9800
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9800.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-9800
Downstream
Related
Published
2016-12-03T06:59:05.137Z
Modified
2026-04-16T06:17:07.053961432Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

In BlueZ 5.42, a buffer overflow was observed in "pincodereplydump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pincodereplycp *cp" parameter.

References

Affected packages

Git / github.com/bluez/bluez

Affected ranges

Type
GIT
Repo
https://github.com/bluez/bluez
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dcbc28940118a14ce175153e5f006551600e9244
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.42"
        }
    ]
}

Affected versions

4.*
4.0
4.1
4.10
4.100
4.101
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.2
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.27
4.28
4.29
4.30
4.31
4.32
4.33
4.34
4.35
4.36
4.37
4.38
4.39
4.40
4.41
4.42
4.43
4.44
4.45
4.46
4.47
4.48
4.49
4.5
4.50
4.51
4.52
4.53
4.54
4.55
4.56
4.57
4.58
4.59
4.6
4.60
4.61
4.62
4.63
4.64
4.65
4.66
4.67
4.68
4.69
4.7
4.70
4.71
4.72
4.73
4.74
4.75
4.76
4.77
4.78
4.79
4.8
4.80
4.81
4.82
4.83
4.84
4.85
4.86
4.87
4.88
4.89
4.9
4.90
4.91
4.92
4.93
4.94
4.95
4.96
4.97
4.98
4.99
5.*
5.0
5.1
5.10
5.11
5.12
5.13
5.14
5.15
5.16
5.17
5.18
5.19
5.2
5.20
5.21
5.22
5.23
5.24
5.25
5.26
5.27
5.28
5.29
5.3
5.30
5.31
5.32
5.33
5.34
5.35
5.36
5.37
5.38
5.39
5.4
5.40
5.41
5.42
5.5
5.6
5.7
5.8
5.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9800.json"