bluez is vulnerable to null pointer dereference. The vulnerability exists due to the manipulation of the argument cap_len in read_50_controller_cap_complete of the file tools/mgmt-tester.c which causes a null pointer dereference resulting in an application crash.