BTstack

Source -

CNA

CNA CVEs - 3
ADP CVEs - 0
CISA CVEs - 0
NVD CVEs - 0
3 Vulnerabilities found

CVE-2026-28528
Assigner-VulnCheck
CVSS Score-2.1 | LOW
EPSS-0.02% / 4.70%
7 Day CHG~0.00%
Published-30 Mar, 2026 | 14:08
Updated-06 Apr, 2026 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BlueKitchen BTstack < 1.8.1 AVRCP Browsing Target GET_FOLDER_ITEMS Handler OOB Read / Undefined Behavior

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds checking on the attr_id parameter to cause crashes and corrupt attribute bitmap state.

Action-Not Available
Vendor-BlueKitchen GmbH (bluekitchen-gmbh)
Product-BTstack (btstack)
CWE ID-CWE-125: Out-of-bounds Read
CWE ID-CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVE-2026-28527
Assigner-VulnCheck
CVSS Score-2.1 | LOW
EPSS-0.02% / 6.53%
7 Day CHG~0.00%
Published-30 Mar, 2026 | 14:07
Updated-03 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BlueKitchen BTstack < 1.8.1 AVRCP Controller GET_PLAYER_APPLICATION_SETTING_*_TEXT Handlers OOB Read

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paired Bluetooth Classic connection and send specially crafted VENDOR_DEPENDENT responses to trigger out-of-bounds reads, causing information disclosure and potential crashes on affected devices.

Action-Not Available
Vendor-BlueKitchen GmbH (bluekitchen-gmbh)
Product-BTstack (btstack)
CWE ID-CWE-125: Out-of-bounds Read

CVE-2026-28526
Assigner-VulnCheck
CVSS Score-2.1 | LOW
EPSS-0.02% / 6.08%
7 Day CHG~0.00%
Published-30 Mar, 2026 | 14:06
Updated-03 Apr, 2026 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BlueKitchen BTstack < 1.8.1 AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_* Handlers OOB Read

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth Classic connection can send a specially crafted VENDOR_DEPENDENT response with an attacker-controlled count value to trigger an out-of-bounds read from the L2CAP receive buffer, potentially causing a crash on resource-constrained devices.

Action-Not Available
Vendor-BlueKitchen GmbH (bluekitchen-gmbh)
Product-BTstack (btstack)
CWE ID-CWE-125: Out-of-bounds Read