CVE-2016-9800

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-9800

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9800.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-9800

Downstream

DEBIAN-CVE-2016-9800

SUSE-SU-2018:1778-1

SUSE-SU-2018:4188-1

SUSE-SU-2018:4189-1

SUSE-SU-2019:0510-1

UBUNTU-CVE-2016-9800

openSUSE-SU-2024:10657-1

Related

Published

2016-12-03T06:59:05Z

Modified

2025-09-19T08:39:33.313109Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

In BlueZ 5.42, a buffer overflow was observed in "pincodereplydump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pincodereplycp *cp" parameter.

References

Affected packages

Git / github.com/bluez/bluez

Affected ranges

Type: GIT
Repo: https://github.com/bluez/bluez
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

dcbc28940118a14ce175153e5f006551600e9244

Affected versions

4.*

4.0

4.1

4.10

4.100

4.101

4.11

4.12

4.13

4.14

4.15

4.16

4.17

4.18

4.19

4.2

4.20

4.21

4.22

4.23

4.24

4.25

4.26

4.27

4.28

4.29

4.3

4.30

4.31

4.32

4.33

4.34

4.35

4.36

4.37

4.38

4.39

4.4

4.40

4.41

4.42

4.43

4.44

4.45

4.46

4.47

4.48

4.49

4.5

4.50

4.51

4.52

4.53

4.54

4.55

4.56

4.57

4.58

4.59

4.6

4.60

4.61

4.62

4.63

4.64

4.65

4.66

4.67

4.68

4.69

4.7

4.70

4.71

4.72

4.73

4.74

4.75

4.76

4.77

4.78

4.79

4.8

4.80

4.81

4.82

4.83

4.84

4.85

4.86

4.87

4.88

4.89

4.9

4.90

4.91

4.92

4.93

4.94

4.95

4.96

4.97

4.98

4.99

5.*

5.0

5.1

5.10

5.11

5.12

5.13

5.14

5.15

5.16

5.17

5.18

5.19

5.2

5.20

5.21

5.22

5.23

5.24

5.25

5.26

5.27

5.28

5.29

5.3

5.30

5.31

5.32

5.33

5.34

5.35

5.36

5.37

5.38

5.39

5.4

5.40

5.41

5.42

5.5

5.6

5.7

5.8

5.9

libs-2.*

libs-2.0

libs-2.0-pre10

libs-2.0-pre7

libs-2.0-pre8

libs-2.0-pre9

libs-2.1

libs-2.10

libs-2.11

libs-2.12

libs-2.13

libs-2.14

libs-2.15

libs-2.16

libs-2.17

libs-2.18

libs-2.19

libs-2.2

libs-2.20

libs-2.21

libs-2.22

libs-2.23

libs-2.24

libs-2.25

libs-2.3

libs-2.4

libs-2.5

libs-2.6

libs-2.7

libs-2.8

libs-2.9

libs-3.*

libs-3.0

libs-3.1

libs-3.10

libs-3.11

libs-3.12

libs-3.13

libs-3.14

libs-3.15

libs-3.16

libs-3.17

libs-3.18

libs-3.19

libs-3.2

libs-3.20

libs-3.21

libs-3.22

libs-3.23

libs-3.24

libs-3.25

libs-3.26

libs-3.27

libs-3.28

libs-3.29

libs-3.3

libs-3.30

libs-3.31

libs-3.32

libs-3.33

libs-3.34

libs-3.35

libs-3.36

libs-3.4

libs-3.5

libs-3.6

libs-3.7

libs-3.8

libs-3.9

utils-2.*

utils-2.0

utils-2.0-pre10

utils-2.0-pre11

utils-2.0-pre12

utils-2.0-pre7

utils-2.0-pre8

utils-2.0-pre9

utils-2.1

utils-2.10

utils-2.11

utils-2.12

utils-2.13

utils-2.14

utils-2.15

utils-2.16

utils-2.17

utils-2.18

utils-2.19

utils-2.2

utils-2.20

utils-2.21

utils-2.22

utils-2.23

utils-2.24

utils-2.25

utils-2.3

utils-2.4

utils-2.5

utils-2.6

utils-2.7

utils-2.8

utils-2.9

utils-3.*

utils-3.0

utils-3.1

utils-3.10

utils-3.10.1

utils-3.11

utils-3.12

utils-3.13

utils-3.14

utils-3.15

utils-3.16

utils-3.17

utils-3.18

utils-3.19

utils-3.2

utils-3.20

utils-3.21

utils-3.22

utils-3.23

utils-3.24

utils-3.25

utils-3.26

utils-3.27

utils-3.28

utils-3.29

utils-3.3

utils-3.30

utils-3.31

utils-3.32

utils-3.33

utils-3.34

utils-3.35

utils-3.36

utils-3.4

utils-3.5

utils-3.6

utils-3.6.1

utils-3.7

utils-3.8

utils-3.9