CVE-2026-28527 in BlueKitchen BTstackinformación

Resumen (Inglés)

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paired Bluetooth Classic connection and send specially crafted VENDOR_DEPENDENT responses to trigger out-of-bounds reads, causing information disclosure and potential crashes on affected devices.

Responsable

VulnCheck

Reservar

2026-02-27

Divulgación

2026-03-30

Voces

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidad	CWE	Exp	Con	CVE
354192	BlueKitchen BTstack AVRCP Controller GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT divulgación de información	125	No está definido	Arreglo oficial	CVE-2026-28527

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!