An out-of-bounds read was found in the le_meta_ev_dump() function in tools/parser/hci.c source file of bluez. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed. Original report: https://www.spinics.net/lists/linux-bluetooth/msg68892.html