CVE-2026-28527
BlueKitchen BTstack before 1.8.1 has an out-of-bounds read in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers. An adjacent attacker with Bluetooth Classic pairing can send crafted VENDOR_DEPENDENT responses to trigger reads...