A buffer overflow was found in the commands_dump() function in the tools/parser/csr.c source file of bluez. The issue exists because the "commands" array is overflowed by supplied data: there is no boundary check on the amount of data taken from the frame (the "frm->ptr" parameter) against the size of the fixed buffer it is written into. This issue can be triggered by processing a corrupted dump file and results in a crash of hcidump.
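As an added illustration of the missing check (example code written here, not bluez's own csr.c), a commands_dump-style routine that derives the entry count from the untrusted frame and rejects it before writing into the fixed array. The frame struct, the 16-bit per-entry layout and the 64-byte capacity are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Frame layout assumed for this example (not bluez's real struct):
 * a cursor into the dump file's bytes and the number of bytes left. */
struct frame {
    const uint8_t *ptr;
    size_t len;
};

#define COMMANDS_SIZE 64  /* assumed capacity of the fixed "commands" array */

/* Read one little-endian 16-bit value and advance the cursor.
 * Returns 0 on success, -1 if fewer than two bytes remain. */
static int get_u16(struct frame *frm, uint16_t *out)
{
    if (frm->len < 2)
        return -1;
    *out = (uint16_t)(frm->ptr[0] | (frm->ptr[1] << 8));
    frm->ptr += 2;
    frm->len -= 2;
    return 0;
}

/* Hardened dump: the entry count comes from the untrusted frame length,
 * so it is checked against the array capacity before any write, and each
 * read is bounds-checked. Returns entries stored, or -1 for a malformed
 * frame. An unchecked variant that loops frm->len times into commands[]
 * is the overflow pattern described in the report. */
int commands_dump_checked(struct frame *frm, uint8_t commands[COMMANDS_SIZE])
{
    size_t count = frm->len / 2;
    if (frm->len % 2 != 0)
        return -1;                     /* truncated trailing entry */
    if (count > COMMANDS_SIZE)
        return -1;                     /* would overflow the array */
    memset(commands, 0, COMMANDS_SIZE);
    for (size_t i = 0; i < count; i++) {
        uint16_t v;
        if (get_u16(frm, &v) < 0)
            return -1;
        commands[i] = (uint8_t)(v & 0xff);  /* keep the low byte only */
    }
    return (int)count;
}
```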
Created bluez tracking bugs for this issue:
Affects: fedora-all [bug 1401548]