BlueKitchen BTstack < 1.8.1 AVRCP Controller GET_PLAYER_APPLICATION_SETTING_*_TEXT Handlers OOB Read

Description

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paired Bluetooth Classic connection and send specially crafted VENDOR_DEPENDENT responses to trigger out-of-bounds reads, causing information disclosure and potential crashes on affected devices.

Affected Products

Vendor	Product	Versions
bluekitchen	btstack	0

References

https://github.com/bluekitchen/btstack/releases/tag/v1.8.1(release-notes, patch)
https://www.vulncheck.com/advisories/bluekitchen-btstack-avrcp-controller-get-player-application-setting-text-handlers-oob-read(third-party-advisory)

Related News (1 articles)

Tier C

VulDB4h ago

CVE-2026-28527 | BlueKitchen BTstack up to 1.8.0 AVRCP Controller out-of-bounds

→ No new info (linked only)

CVSS 3.13.5 NONE

CISA KEV❌ No

Actively exploited❌ No

Patch available1.8.1

CWECWE-125

Published3/30/2026

Last enriched4h agov2

Trending Score20

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Version History

Last enriched 4h ago

v2Tier C4h ago

Updated affected versions to include 1.8.0, changed severity to HIGH, and noted that no exploit is available.

affectedVersionsseverity

via VulDB

v14h ago

Initial creation

BlueKitchen BTstack < 1.8.1 AVRCP Controller GET_PLAYER_APPLICATION_SETTING_*_TEXT Handlers OOB Read

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History