BlueZ hcidump <= 1.29 L2CAP Length Field DoS

Discoverer: Pierre Betouin (pierre.betouin@infratech.fr)

The hcidump tool that accompanies the official Linux Bluetooth stack BlueZ is vulnerable to a denial of service attack when parsing malformed L2CAP frames with an invalid header length. The BlueZ hcidump tool does not perform a proper bounds check on the L2CAP HEADER LENGTH field, allowing an attacker to cause hcidump to reference an invalid memory address, which leads to a segmentation fault. It is not known whether this vulnerability is exploitable beyond a denial of service attack. All versions of hcidump up to and including version 1.29 are believed to be vulnerable.
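
The missing check described above, sketched as an added example (this is not hcidump's code): the declared L2CAP length is compared with the number of bytes actually captured before any payload byte is read. The names l2cap_parse and l2cap_view and the sample frames are hypothetical, and the buffer is assumed to hold one complete, unfragmented frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define L2CAP_HDR_SIZE 4  /* 16-bit length + 16-bit channel ID, little-endian */

enum l2cap_status { L2CAP_OK = 0, L2CAP_SHORT_HEADER = -1, L2CAP_LEN_EXCEEDS_CAPTURE = -2 };

struct l2cap_view {
    uint16_t len;           /* declared payload length from the header */
    uint16_t cid;           /* channel ID */
    const uint8_t *payload; /* points into the caller's buffer */
};

/* Hypothetical helper: validate a frame before any payload byte is read. */
static int l2cap_parse(const uint8_t *buf, size_t captured, struct l2cap_view *out)
{
    if (buf == NULL || out == NULL || captured < L2CAP_HDR_SIZE)
        return L2CAP_SHORT_HEADER;

    uint16_t len = (uint16_t)(buf[0] | (buf[1] << 8));
    uint16_t cid = (uint16_t)(buf[2] | (buf[3] << 8));

    /* The header length comes from the sender; trust only the capture size. */
    if ((size_t)len > captured - L2CAP_HDR_SIZE)
        return L2CAP_LEN_EXCEEDS_CAPTURE;

    out->len = len;
    out->cid = cid;
    out->payload = buf + L2CAP_HDR_SIZE;
    return L2CAP_OK;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t frame_ok[]  = { 0x02, 0x00, 0x01, 0x00, 0xAA, 0xBB }; /* len=2, 2 bytes follow */
static const uint8_t frame_bad[] = { 0x10, 0x00, 0x01, 0x00, 0xAA, 0xBB }; /* len=16, 2 bytes follow */

int main(void)
{
    struct l2cap_view v;
    printf("well-formed frame -> %d\n", l2cap_parse(frame_ok, sizeof frame_ok, &v));
    printf("oversized length  -> %d\n", l2cap_parse(frame_bad, sizeof frame_bad, &v));
    return 0;
}
```

A dumper that rejects or truncates at this point can still print the header and flag the frame as malformed instead of dereferencing past the capture buffer.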