UNKNOWNCVE-2026-28528
BlueKitchen BTstack < 1.8.1 AVRCP Browsing Target GET_FOLDER_ITEMS Handler OOB Read / Undefined Behavior
Platform
other
Component
btstack
Fixed in
1.8.1
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds checking on the attr_id parameter to cause crashes and corrupt attribute bitmap state.
How to fix
Actualice la biblioteca BTstack a la versión 1.8.1 o posterior. Esta versión contiene la corrección para la vulnerabilidad de lectura fuera de límites en el controlador AVRCP Browsing Target GET_FOLDER_ITEMS.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free