Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2005-2547

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

Published: Aug 12, 2005
Updated: Nov 9, 2025
CVE: CVE-2005-2547
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bluez_project / bluez	2.18	2.18.x

http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34
http://secunia.com/advisories/16453
http://secunia.com/advisories/16476
http://sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881
http://www.debian.org/security/2005/dsa-782
http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml
http://www.securityfocus.com/bid/14572
https://bugs.gentoo.org/show_bug.cgi?id=101557

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo