An issue was discovered in bluetoothd in BlueZ through version 5.48. The vulnerability lies in the handling of buffered data where it is possible to cause the server to return more bytes than the buffer actually holds, resulting in leaking arbitrary heap data.