Detections
Analytics
CVE-2025-13834
No Score
Description
This vulnerability is the result of flawed bounds checking during the internal handling of abnormal RFCOMM TEST commands. When the device's control channel (DLCI 0) receives a TEST command with a large length field but an empty payload, its faulty response handler returns a buffer of uninitialized memory. An attacker can exploit this behavior to steal up to 127 bytes of potentially sensitive data, such as the phone number of a user's active call peer, with a single packet. Notably, the mechanism of this vulnerability is closely related to the infamous Heartbleed bug (CVE-2014-0160). Like Heartbleed, this flaw originates from blind trust in a packet's length field without adequate bounds checking, resulting in an out-of-bounds read and unintended memory disclosure.