Alpine Halo9 Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Vulnerability

A stack-based buffer overflow vulnerability has been identified in Alpine Halo9 devices, allowing network-adjacent attackers to execute arbitrary code. This issue arises in the PBAP_DecodeVCARD function, where user-supplied data is not properly validated before being copied to a stack-based buffer. To exploit this vulnerability, an attacker must first pair a malicious Bluetooth device with the target system. The executed code runs with root privileges.
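The defensive pattern for this bug class, as an added example that is not code from the Alpine firmware: a vCard line value is copied into a fixed-size buffer only after its length is checked against the destination. The function name, buffer size, and return codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define VCARD_FIELD_MAX 64  /* assumed size of the fixed destination buffer */

enum { VC_OK = 0, VC_MALFORMED = -1, VC_TOO_LONG = -2 };

/* Hypothetical helper: copy the value of one "NAME:value" vCard line into a
 * fixed-size buffer. `line` comes from the paired peer, so it is treated as
 * untrusted and is not assumed to be NUL-terminated; `line_len` is the number
 * of bytes actually received. On any error `out` is left as an empty string. */
int vcard_copy_value(const unsigned char *line, size_t line_len,
                     char *out, size_t out_cap)
{
    if (line == NULL || out == NULL || out_cap == 0)
        return VC_MALFORMED;
    out[0] = '\0';

    /* Search only within the received bytes, never past them. */
    const unsigned char *colon = memchr(line, ':', line_len);
    if (colon == NULL)
        return VC_MALFORMED;

    const unsigned char *val = colon + 1;
    size_t val_len = line_len - (size_t)(val - line);

    /* Drop the trailing CR/LF that terminates a vCard content line. */
    while (val_len > 0 &&
           (val[val_len - 1] == '\r' || val[val_len - 1] == '\n'))
        val_len--;

    /* An embedded NUL would make later C-string handling disagree with
     * val_len, so reject it instead of truncating silently. */
    if (memchr(val, '\0', val_len) != NULL)
        return VC_MALFORMED;

    /* The validation an unbounded strcpy/memcpy lacks: the value plus its
     * terminator must fit in the destination. */
    if (val_len >= out_cap)
        return VC_TOO_LONG;

    memcpy(out, val, val_len);
    out[val_len] = '\0';
    return VC_OK;
}
```

Rejecting an oversized field, rather than truncating it, gives the caller an explicit error to log when a paired device sends a malformed phone book entry.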

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device, with the executed code running in the context of the root user.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.7
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.