Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BlueZ 缓冲区溢出漏洞
Vulnerability Description
BlueZ是一套官方的Linux蓝牙协议栈。 BlueZ 5.42版本的‘tools/parser/csr.c’原文件中的‘commands_dump’函数存在缓冲区溢出漏洞,该漏洞源于缺少对‘frm->ptr’框架参数的缓冲区边界检查。攻击者可通过运行受损的dump文件利用该漏洞造成hcidump崩溃。
CVSS Information
N/A
Vulnerability Type
N/A