Lucene search
+L

35 matches found

redhatcve
redhatcve
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42854

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS6AI score0.00571EPSS
Exploits1References1
nvd
nvd
added 2026/05/12 10:16 p.m.18 views

CVE-2026-42855

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

7.5CVSS0.00351EPSS
Exploits1References1
nvd
nvd
added 2026/05/12 10:16 p.m.31 views

CVE-2026-42854

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS0.00571EPSS
Exploits1References1
cve
cve
added 2026/05/12 9:56 p.m.27 views

CVE-2026-42854

Summary: The Arduino-ESP32 core is affected by a stack overflow in the WebServer multipart boundary parser. A boundary derived from the HTTP header (Content-Type: multipart/form-data; boundary=...) with length > ~8000 can overflow the 8192-byte loopTask stack, potentially enabling remote code ...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2026/05/12 9:56 p.m.18 views

CVE-2026-42854 arduino-esp32: Stack buffer overflow in WebServer multipart boundary parsing leads to remote crash potential RCE

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References1
osv
osv
added 2026/05/12 9:56 p.m.3 views

CVE-2026-42854 arduino-esp32: Stack buffer overflow in WebServer multipart boundary parsing leads to remote crash potential RCE

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS6.3AI score0.00571EPSS
Exploits1References3
cvelist
cvelist
added 2026/05/12 9:56 p.m.46 views

CVE-2026-42854 arduino-esp32: Stack buffer overflow in WebServer multipart boundary parsing leads to remote crash potential RCE

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS0.00571EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/05/12 9:56 p.m.9 views

CVE-2026-42855

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

7.5CVSS5.8AI score0.00351EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/05/12 9:56 p.m.36 views

CVE-2026-42855 arduino-esp32: Digest authentication URI mismatch bypass in WebServer allows cross-resource replay attack

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

7.5CVSS0.00351EPSS
Exploits1References1
osv
osv
added 2026/05/12 9:56 p.m.4 views

CVE-2026-42855 arduino-esp32: Digest authentication URI mismatch bypass in WebServer allows cross-resource replay attack

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

7.5CVSS6AI score0.00351EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/05/12 9:56 p.m.12 views

CVE-2026-42855 arduino-esp32: Digest authentication URI mismatch bypass in WebServer allows cross-resource replay attack

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

7.5CVSS5.8AI score0.00351EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/05/12 12:0 a.m.17 views

PT-2026-40454

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array VLA on the stack whose size is derived from an attacker-controlled HTTP head...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/12 12:0 a.m.10 views

arduino-esp32 安全漏洞

Arduino-ESP32 is an open-source project by Espressif, designed for use with the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, and ESP32-H2 boards. Versions of Arduino-ESP32 prior to 3.3.8 contained a security vulnerability. This vulnerability stemmed from the WebServer multi-part form parser’s...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References1
cvelist
cvelist
added 2026/04/24 7:19 p.m.36 views

CVE-2026-41429 Improper validation of NBNS name_len in arduino-esp32 NetBIOS leads to memory corruption

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin..., the device listens on UDP...

8.8CVSS0.00307EPSS
Exploits1References1
cve
cve
added 2026/04/24 7:19 p.m.50 views

CVE-2026-41429

CVE-2026-41429 affects the arduino-esp32 core (ESP32/ESP32-S2/ESP32-S3/ESP32-C3/ESP32-C6/ESP32-H2). The issue is a memory corruption in NBNS packet handling when NetBIOS is enabled via NBNS.begin(...); the code path listens on UDP port 137 and processes untrusted NBNS requests. The request parser...

8.8CVSS5.6AI score0.00307EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/04/24 7:19 p.m.3 views

CVE-2026-41429 Improper validation of NBNS name_len in arduino-esp32 NetBIOS leads to memory corruption

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin..., the device listens on UDP...

8.8CVSS6AI score0.00307EPSS
Exploits1References3
cnnvd
cnnvd
added 2026/04/24 12:0 a.m.11 views

arduino-esp32 安全漏洞

Arduino-ESP32 is an open-source project by Espressif, designed for use with the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, and ESP32-H2 boards. Versions of Arduino-ESP32 prior to 3.3.8 contained a security vulnerability. This vulnerability stemmed from a remote exploitable memory corruption...

8.8CVSS5.8AI score0.00307EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.13 views

EUVD-2024-41606

Malicious code in bioql PyPI...

9.9CVSS6.6AI score0.00769EPSS
Exploits0References5
cvelist
cvelist
added 2025/07/07 7:26 p.m.15 views

CVE-2025-53540 CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery CSRF. The update endpoints accept POST requests for firmware uploa...

8.7CVSS0.00299EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/07/07 12:0 a.m.9 views

PT-2025-28253 · Arduino · Arduino-Esp32

Name of the Vulnerable Software and Affected Versions: arduino-esp32 versions prior to 3.2.1 Description: The issue affects several OTA update examples and the HTTPUpdateServer implementation in the arduino-esp32 core, allowing an attacker to upload and execute arbitrary firmware due to a lack of...

8.7CVSS8AI score0.00299EPSS
Exploits0References6
Rows per page
Query Builder