BlueKitchen BTstack Out-of-Bounds Read Vulnerability in AVRCP Controller Handlers
Vulnerability
An out-of-bounds read vulnerability has been identified in BlueKitchen BTstack versions prior to 1.8.1. It affects the AVRCP Controller handlers for LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES, which can read beyond buffer boundaries. A nearby attacker with a paired Bluetooth Classic connection can exploit it by sending a specially crafted VENDOR_DEPENDENT response containing an attacker-controlled count value. This triggers an out-of-bounds read from the L2CAP receive buffer, potentially causing a crash on resource-constrained devices.
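A bounds-checked parser for the kind of list response described above, as an added example (it is not BTstack's code or its 1.8.1 fix). The function name, the assumed layout (PDU ID, packet type, 16-bit parameter length, then a one-byte count followed by one-byte IDs) and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PDU_HEADER_LEN 4u /* assumed: PDU ID, packet type, 16-bit parameter length */

/* Hypothetical helper, not a BTstack function. Copies the listed IDs into out
 * and returns how many there were, or -1 if any length field disagrees with
 * the number of bytes actually received. */
int parse_id_list(const uint8_t *pdu, size_t pdu_len, uint8_t *out, size_t out_cap) {
    if (pdu == NULL || out == NULL || pdu_len < PDU_HEADER_LEN) return -1;

    size_t param_len = ((size_t)pdu[2] << 8) | pdu[3];
    size_t received = pdu_len - PDU_HEADER_LEN;
    if (param_len > received) return -1;  /* header claims more than arrived */
    if (param_len < 1) return -1;         /* no room for the count byte */

    size_t count = pdu[PDU_HEADER_LEN];   /* sender-controlled value */
    if (count > param_len - 1) return -1; /* count must fit in the received data */
    if (count > out_cap) return -1;       /* and in the caller's storage */

    for (size_t i = 0; i < count; i++) {
        out[i] = pdu[PDU_HEADER_LEN + 1 + i];
    }
    return (int)count;
}

/* Constructed sample responses (not captured traffic). */
static const uint8_t sample_ok[]        = {0x11, 0x00, 0x00, 0x03, 0x02, 0x01, 0x02};
static const uint8_t sample_big_count[] = {0x11, 0x00, 0x00, 0x03, 0xFF, 0x01, 0x02};
static const uint8_t sample_big_len[]   = {0x12, 0x00, 0x00, 0x40, 0x02, 0x01, 0x02};

int main(void) {
    uint8_t ids[8];
    printf("well-formed:      %d\n",
           parse_id_list(sample_ok, sizeof sample_ok, ids, sizeof ids));
    printf("oversized count:  %d\n",
           parse_id_list(sample_big_count, sizeof sample_big_count, ids, sizeof ids));
    printf("oversized length: %d\n",
           parse_id_list(sample_big_len, sizeof sample_big_len, ids, sizeof ids));
    return 0;
}
```

The two rejected samples differ only in which length field overstates the payload; a handler that loops on the count byte without comparing it to the received length would walk past the end of the receive buffer in the second case.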
Impact
Exploitation of this vulnerability can lead to a crash on resource-constrained devices.
Remediation
Users are advised to update to BlueKitchen BTstack version 1.8.1 or later.
