Changes

119 bytes added, 00:28, 12 October 2022
Line 593: Line 593:     
This can be triggered via an AVRC message with opcode=0x0 (vendor). The above type 0xC is reached via AVRC ctype 0..4, while 0xD is reached with ctype>=0x9.
 
This can be triggered via an AVRC message with opcode=0x0 (vendor). The above type 0xC is reached via AVRC ctype 0..4, while 0xD is reached with ctype>=0x9.
 +
 +
With [15.0.0+] the size value for the memcpy (which is also written to the request struct) is clamped to a max value.
 
| Bluetooth-sysmodule stack buffer overflow on [14.0.0-14.1.2], with data received from an AVRC bluetooth message with a bluetooth-audio device.
 
| Bluetooth-sysmodule stack buffer overflow on [14.0.0-14.1.2], with data received from an AVRC bluetooth message with a bluetooth-audio device.
 
| [[15.0.0]]
 
| [[15.0.0]]
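
Review bot: The added sentence "With [15.0.0+] the size value for the memcpy (which is also written to the request struct) is clamped to a max value" does not say what the maximum is or how it compares with the size of the stack buffer being copied into, so a reader cannot confirm from this entry that the clamp fully bounds the copy. Suggest stating the clamp value and the destination buffer size if they are known, and saying whether both the 0xC and 0xD message types mentioned in the preceding paragraph go through the clamped path. The wording could also make clear that the same clamped value is what ends up in the request struct, since the parenthetical is easy to misread as describing the pre-fix behaviour.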