CVE-2026-45160

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

CVE-2026-45160

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

CVE-2025-68656

CVE-2025-68656 affects the ESP-IDF USB Host HID Driver. Before 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer while continuing to use a stale local pointer, causing an immediate use-after-free when processing attacker-controlled Report Descriptor lengths....

CVE-2025-68474 ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrcvendormsg function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRCMINCMDLEN 20 bytes. However, the actual fixed...

ESP-IDF 缓冲区错误漏洞

ESP-IDF is an Espressif open source development framework for Espressif SoCs supported on Windows, Linux and macOS. A buffer error vulnerability exists in ESP-IDF versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and prior versions, which stems from insufficient validation of the buffer length when AVR...

CVE-2025-64342 ESF-IDF's ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability

ESF-IDF is the Espressif Internet of Things IOT Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address AA of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly...

CVE-2024-51428

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service DoS via a crafted data channel packet...

ESP-IDF Security Vulnerability

ESP-IDF is an open source development framework for Espressif SoCs supported on Windows, Linux and macOS by Espressif Systems. A security vulnerability exists in ESP-IDF version v.5.1, which stems from the presence of a buffer overflow vulnerability that could allow a remote attacker to execute...

The vulnerability of the Bluetooth Classic environment for developing IoT applications allows a intruder to trigger a service failure.

The vulnerability in the Bluetooth Classic environment for IoT application development, espressif esp-idf, relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure using a specially crafted LMP package...

Espressif ESP-IDF 代码注入漏洞

Espressif ESP-IDF is an Internet of Things IoT development framework from China's Loxin Information Technology Espressif. A code injection vulnerability exists in the Espressif ESP-IDF that stems from the Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier versions not properly...