CVE-2026-28528— BlueKitchen BTstack < 1.8.1 AVRCP Browsing Target GET_FOLDER_ITEMS Handler OOB Read / Undefined Behavior

BlueKitchen BTstack < 1.8.1 AVRCP Browsing Target GET_FOLDER_ITEMS Handler OOB Read / Undefined Behavior

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds checking on the attr_id parameter to cause crashes and corrupt attribute bitmap state.

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

跨界内存读

BTstack 安全漏洞

BTstack是BlueKitchen开源的一个蓝牙堆栈实现。 BTstack 1.8.1之前版本存在安全漏洞，该漏洞源于AVRCP浏览目标处理程序存在越界读取，可能导致崩溃和属性位图状态损坏。

N/A

N/A