CVE-2026-28526 in BlueKitchen BTstack情報

要約 (英語)

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth Classic connection can send a specially crafted VENDOR_DEPENDENT response with an attacker-controlled count value to trigger an out-of-bounds read from the L2CAP receive buffer, potentially causing a crash on resource-constrained devices.

責任者

VulnCheck

予約する

2026年02月27日

公開

2026年03月30日

エントリ

VulDB provides additional information and datapoints for this CVE:

識別子	脆弱性	CWE	悪用可	対策	CVE
354191	BlueKitchen BTstack AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_VALUES 情報漏えい	125	未定義	公式な修正	CVE-2026-28526

説明

CPE

CWE

CVSS

エクスプロイト

履歴

差分

リンクする

脅威インテリジェンス

API JSON

API XML

API CSV

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!