CVE-2026-28528 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to vali…
Low CVSS: 2.1

CVE-2026-28528

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds checking on the attr_id parameter to cause crashes and corrupt attribute bitmap state.
Vendor
Bluekitchen-gmbh
Product
Btstack
CWE
CWE-125
Yayın Tarihi
2026-03-30 14:16:35
Güncelleme
2026-04-06 12:42:11
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-125 Btstack LOW Bluekitchen-gmbh 2026

Referanslar

https://github.com/bluekitchen/btstack/releases/tag/v1.8.1 https://www.vulncheck.com/advisories/bluekitchen-btstack-avrcp-browsing-target-get-folder-items-handler-oob-read-undefined-behavior