Aggregates CVE and security vulnerability intelligence across all bluez_project-related products, including CVSS, EPSS, and publication dates.
Historical issues mainly involve buffer overflow, memory corruption, denial of service, and related problems; some flaws may lead to an application crash.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2016-9918 | In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | [email protected] | 7.5 | 0.49% | 2016-12-08 | 2026-05-06 |
| CVE-2006-6899 | hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack. | [email protected] | 5.4 | 11.43% | 2006-12-31 | 2026-04-23 |
| CVE-2006-0670 | Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet. | [email protected] | 5.0 | 8.00% | 2006-02-13 | 2026-04-16 |
| CVE-2005-2547 | security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper. | [email protected] | 7.5 | 1.14% | 2005-08-12 | 2026-04-16 |