DEBIAN-CVE-2016-9803

DEBIAN-CVE-2016-9803 PUBLISHED CVSS 5.300000190734863 MEDIUM

In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.

Risk Scores

CVSS v3.0

5.300000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
Debian:11	bluez	5.82-1.1, 0, 5.55-3.1
Debian:13	bluez	*, 5.85-4, 5.85-3
Debian:14	bluez	5.85-3, 0, 5.82-1.1
Debian:12	bluez	5.66-1+deb12u1, 5.66-1+deb12u2, 5.68-1

Timeline

Dec 3, 2016 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-9803 advisory

Open in Interactive Console →