A heap-based buffer overflow was discovered in bluetoothd in bluez through version 5.48. A missing check on whether there is enough space in the destination buffer can allow an attacker to exploit the vulnerability by crafting a request where the response is large enough to overflow the preallocated buffer.