BlueKitchen BTstack < 1.8.1 AVRCP Browsing Target GET_FOLDER_ITEMS Handler OOB Read / Undefined Behavior

Description

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds checking on the attr_id parameter to cause crashes and corrupt attribute bitmap state.

Affected Products

Vendor	Product	Versions
bluekitchen	btstack	0

References

https://github.com/bluekitchen/btstack/releases/tag/v1.8.1(release-notes, patch)
https://www.vulncheck.com/advisories/bluekitchen-btstack-avrcp-browsing-target-get-folder-items-handler-oob-read-undefined-behavior(third-party-advisory)

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2026-28528 | BlueKitchen BTstack up to 1.8.0 AVRCP Browsing Target attr_id out-of-bounds

→ No new info (linked only)

CVSS 3.10.0 NONE

CISA KEV❌ No

Actively exploited❌ No

Patch available1.8.1

CWECWE-125, CWE-758

Published3/30/2026

Last enriched2h agov2

Trending Score20

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated affected versions to include 1.8.0, changed severity to HIGH, and noted that no exploit exists.

affectedVersionsseveritycvssEstimatepatchAvailable

via VulDB

v12h ago

Initial creation

BlueKitchen BTstack < 1.8.1 AVRCP Browsing Target GET_FOLDER_ITEMS Handler OOB Read / Undefined Behavior

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History