3 matches found
CVE-2026-28526
BlueKitchen BTstack prior to 1.8.1 contains an out-of-bounds read in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES handlers. An adjacent attacker with a paired Bluetooth Classic connection can send a crafted VENDOR_DEPENDENT response wi...
CVE-2026-28528
BlueKitchen BTstack
CVE-2026-28527
BlueKitchen BTstack before 1.8.1 has an out-of-bounds read in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers. An adjacent attacker with Bluetooth Classic pairing can send crafted VENDOR_DEPENDENT responses to trigger reads...