Astra Linux - уязвимость в bluez

Before version 5.59 of BlueZ, physically nearby attackers could obtain sensitive information because the parameters in the profiles/audio/avrcp.c files were not validated for their length...

CVE-2026-28528

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GETFOLDERITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds...

EUVD-2026-17085

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...

EUVD-2026-17087

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GETPLAYERAPPLICATIONSETTINGATTRIBUTETEXT and GETPLAYERAPPLICATIONSETTINGVALUETEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paire...

CVE-2026-28528

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GETFOLDERITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds...

CVE-2026-28527 BlueKitchen BTstack < 1.8.1 AVRCP Controller GET_PLAYER_APPLICATION_SETTING_*_TEXT Handlers OOB Read

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GETPLAYERAPPLICATIONSETTINGATTRIBUTETEXT and GETPLAYERAPPLICATIONSETTINGVALUETEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paire...

CVE-2026-28527 BlueKitchen BTstack < 1.8.1 AVRCP Controller GET_PLAYER_APPLICATION_SETTING_*_TEXT Handlers OOB Read

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GETPLAYERAPPLICATIONSETTINGATTRIBUTETEXT and GETPLAYERAPPLICATIONSETTINGVALUETEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paire...

CVE-2026-28526

CVE-2026-28526 affects BlueKitchen BTstack versions prior to 1.8.1. The AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES handlers have an out-of-bounds read that can be triggered by a nearby attacker with a paired Bluetooth Classic connection....

CVE-2026-28526

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...

CVE-2026-28526 BlueKitchen BTstack < 1.8.1 AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_* Handlers OOB Read

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...

CVE-2026-28526 BlueKitchen BTstack < 1.8.1 AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_* Handlers OOB Read

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...

BTstack 安全漏洞

BTstack is an open-source Bluetooth stack implemented by BlueKitchen. Versions of BTstack prior to 1.8.1 contained security vulnerabilities; these vulnerabilities stemmed from out-of-bounds read accesses by the AVRCP controller processing program, which could lead to crashes...

MiracleLinux 9 : bluez-5.72-2.el9 (AXSA:2024-9114:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9114:01 advisory. bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution CVE-2023-45866 BlueZ: Audio Profile AVRCP...

MiracleLinux 8 : bluez-5.63-5.el8_10.ML.1 (AXSA:2025-9877:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9877:01 advisory. BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability CVE-2023-27349 bluez: audio profile avrcp...

CVE-2022-33280

Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet...

CVE-2025-68474

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrcvendormsg function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRCMINCMDLEN 20 bytes. However, the actual fixed...

CVE-2025-68474 ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrcvendormsg function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRCMINCMDLEN 20 bytes. However, the actual fixed...

CVE-2025-68474 ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrcvendormsg function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRCMINCMDLEN 20 bytes. However, the actual fixed...

CVE-2025-66409 ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command...

CLSA-2025-1763031616 bluez: Fix of 10 CVEs

CVE-2023-27349: fix crash while handling unsupported events in avrcp - CVE-2023-44431: fix Stack-based buffer overflow and remote code execution vulnerability - CVE-2023-45866: restrict HID connections to avoid unauthorized input injection - CVE-2023-50229: fix heap-based buffer overflow...