A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.
zephyrproject zephyr