CVE-2026-28526 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and L…
Low CVSS: 2.1

CVE-2026-28526

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth Classic connection can send a specially crafted VENDOR_DEPENDENT response with an attacker-controlled count value to trigger an out-of-bounds read from the L2CAP receive buffer, potentially causing a crash on resource-constrained devices.
Vendor
Bluekitchen-gmbh
Product
Btstack
CWE
CWE-125
Yayın Tarihi
2026-03-30 14:16:34
Güncelleme
2026-04-03 15:58:18
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-125 Btstack LOW Bluekitchen-gmbh 2026

Referanslar

https://github.com/bluekitchen/btstack/releases/tag/v1.8.1 https://www.vulncheck.com/advisories/bluekitchen-btstack-avrcp-controller-list-player-application-setting-handlers-oob-read