12 matches found
CVE-2026-28526
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...
CVE-2026-28527
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GETPLAYERAPPLICATIONSETTINGATTRIBUTETEXT and GETPLAYERAPPLICATIONSETTINGVALUETEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paire...
EUVD-2026-17085
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...
CVE-2026-28526
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...
CVE-2026-28526
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...
CVE-2026-28526 BlueKitchen BTstack < 1.8.1 AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_* Handlers OOB Read
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...
CVE-2025-66409
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command...
CVE-2025-66409
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command...
CVE-2025-66409 ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command...
CVE-2025-66409 ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command...
CVE-2025-66409 ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command...
PT-2025-48745
Name of the Vulnerable Software and Affected Versions ESF-IDF versions 5.5.1 through 5.1.6 Description ESF-IDF is the Espressif Internet of Things IOT Development Framework. When AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth...