
107 matches found

OSV
added 2026/01/12 5:26 p.m. | 1 view

CVE-2025-68657 espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path

Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. The USB event callback and user code share the hid_iface_t state without locking, so both can tear down a READY interface...

CVSS 6.4 | AI score 7 | EPSS 0.00025
Exploits: 0 | References: 5

NVD
added 2026/01/12 5:15 p.m. | 2 views

CVE-2025-68622

Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class (UVC) device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...

CVSS 6.8 | EPSS 0.00042
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/12 12:0 a.m. | 2 views

PT-2026-2284

Name of the Vulnerable Software and Affected Versions: Espressif ESP-IDF versions prior to 1.1.0. Description: The USB Host HID (Human Interface Device) Driver in ESP-IDF allows access to HID devices. A flaw exists in the usb_class_request_get_descriptor function where it frees and reallocates hid...

CVSS 6.8 | AI score 6.2 | EPSS 0.00032
Exploits: 0 | References: 9

RedhatCVE
added 2026/01/09 12:10 p.m. | 7 views

CVE-2018-18558

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...

CVSS 6.9 | AI score 7.5 | EPSS 0.00038
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:24 a.m. | 5 views

CVE-2021-28139

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield...

CVSS 8.8 | AI score 7.6 | EPSS 0.01174
Exploits: 0 | References: 1

CNNVD
added 2025/11/17 12:0 a.m. | 1 view

Espressif ESP-IDF Code Issue Vulnerability

Espressif ESP-IDF is an Internet of Things (IoT) development framework from the Chinese company Lexin (Espressif). A code issue vulnerability exists in Espressif ESP-IDF that stems from improper handling of invalid access addresses, which could lead to advertisement stops and false connection reports...

CVSS 6.9 | AI score 6.9 | EPSS 0.00083
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-5841

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.00152
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-14835

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.0034
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-5842

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.00239
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-8112

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00354
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-14838

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.01174
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-10278

Malware in sbrugna...

CVSS 6.9 | AI score 6.5 | EPSS 0.00038
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-25308

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.3 | EPSS 0.00032
Exploits: 2 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-31192

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.01173
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-19059

Malicious code in bioql PyPI...

CVSS 9.2 | AI score 6.5 | EPSS 0.0171
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-26385

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.3 | EPSS 0.04759
Exploits: 1 | References: 3

OSV
added 2025/09/02 4:46 p.m. | 1 view

GHSA-MXH2-CCGJ-8635 ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header

Summary: On the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value (e.g., correct username with partial password). This allows access to webserver functionality...

CVSS 8.1 | AI score 6.3 | EPSS 0.04759
Exploits: 1 | References: 4

OSV
added 2025/08/21 3:5 p.m. | 1 view

CVE-2025-55297 ESP-IDF BluFi Example Memory Overflow Vulnerability

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9...

CVSS 7.7 | AI score 6.8 | EPSS 0.00061
Exploits: 0 | References: 15

RedhatCVE
added 2025/06/26 8:18 p.m. | 5 views

CVE-2025-52471

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficie...

CVSS 9.2 | AI score 8.2 | EPSS 0.0171
Exploits: 0 | References: 1

NVD
added 2025/06/24 8:15 p.m. | 3 views

CVE-2025-52471

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficie...

CVSS 9.8 | EPSS 0.0171
Exploits: 0 | References: 7