14 matches found
CVE-2026-46532
CVE-2026-46532 describes a heap/out-of-bounds read in Espressif’s ESF-IDF (IoT Development Framework) due to the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd) in bluedroid. Affected versions are 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0. The issue has been patched in 5.2.7, 5.3.6, 5.4.5,...
CVE-2026-45542 ESF-IDF: Heap buffer overflow in protocomm Security2 over Bluetooth
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handlesessioncommand0 in...
CVE-2026-45541
The CVE describes a NULL-pointer dereference in the WebSocket subprotocol-negotiation path of the esp_http_server component in ESF-IDF. During the WebSocket handshake, parsing the clientS WebSocket Protocol header may dereference a NULL tokenisation result, causing a crash before any application...
PT-2026-48354
Name of the Vulnerable Software and Affected Versions ESF-IDF version 5.2.6 ESF-IDF version 5.3.5 ESF-IDF version 5.4.4 ESF-IDF version 5.5.3 ESF-IDF version 6.0 Description An out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser within the avrc pars vendor cmd function located ...
CVE-2026-25507
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport protocommble layer. The issue can be triggered by a remote BLE client while the device is in...
CVE-2026-25508
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport protocommble. The issue can be triggered by a remote B...
CVE-2026-25508 ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisioning
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport protocommble. The issue can be triggered by a remote B...
CVE-2026-25507 ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport protocommble layer. The issue can be triggered by a remote BLE client while the device is in...
CVE-2026-25507 ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport protocommble layer. The issue can be triggered by a remote BLE client while the device is in...
CVE-2026-25532
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...
CVE-2026-25532
CVE-2026-25532 affects Espressif ESP-IDF WPS Enrollee in versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6. A malformed EAP-WSC packet with truncated payload can trigger an integer underflow during fragment length calculation, when processing EAP-Expanded (WSC) messages. The frag_len calculation sub...
CVE-2025-68474 ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrcvendormsg function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRCMINCMDLEN 20 bytes. However, the actual fixed...
PT-2025-53611
Name of the Vulnerable Software and Affected Versions ESF-IDF versions 5.5.1 through 5.1.6 Description ESF-IDF, the Espressif Internet of Things IOT Development Framework, contains a flaw in the avrc vendor msg function within the BlueDroid AVRCP stack. The function validates the allocated buffer...
CVE-2025-65092 ESP32-P4 JPEG Decoder Header Parsing Vulnerability
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...