63 matches found
Espressif IoT Development Framework 缓冲区错误漏洞
Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A buffer error vulnerability exists in the Espressif IoT Development Framework versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and prior versions, which originates in the Bluetooth host stack in th...
Espressif IoT Development Framework 缓冲区错误漏洞
Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A buffer error vulnerability exists in Espressif IoT Development Framework versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and prior versions, which stems from insufficient validation of buffer siz...
CVE-2025-68473 ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack BlueDroid, the function btadmsdpresult used a fixed-size array uuidlist32MAXUUIDSIZE to store discovered service UUIDs during the...
CVE-2025-66409
CVE-2025-66409 affects ESP-IDF where AVRCP handling on ESP32 can read memory out-of-bounds due to insufficient validation of the VENDOR DEPENDENT command length. Affected versions include 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6 and earlier. Qualitative impact is memory exposure or unexpected behavior f...
CVE-2025-65092
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...
CVE-2025-65092
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...
EUVD-2025-198514
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...
Espressif IoT Development Framework 数字错误漏洞
Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A numeric error vulnerability exists in the Espressif IoT Development Framework versions 5.5.1, 5.4.3, and 5.3.4, which stems from a lack of validation of the JPEG decoder and could lead to...
CVE-2025-64342
CVE-2025-64342 affects ESF-IDF (Espressif IoT Development Framework) used with ESP32 Bluetooth controller. When in advertising mode, receiving a connection request with an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF may cause advertising to stop unexpectedly and the controller to repo...
PT-2025-47184
Name of the Vulnerable Software and Affected Versions ESF-IDF versions prior to 5.1.7 ESF-IDF versions prior to 5.2.6 ESF-IDF versions prior to 5.3.5 ESF-IDF versions prior to 5.4.3 ESF-IDF versions prior to 5.5.2 Description ESF-IDF, the Espressif Internet of Things IOT Development Framework, is...
EUVD-2025-25514
Malicious code in bioql PyPI...
CVE-2025-57808 ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correc...
CVE-2025-55297
ESF-IDF is the Espressif Internet of Things IOT Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9...
ESP-IDF 数字错误漏洞
ESP-IDF is an Espressif open source development framework for Espressif SoCs supported on Windows, Linux and macOS. A numeric error vulnerability exists in ESP-IDF versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6, which stems from an integer underflow in the ESP-NOW protocol implementation that could lead...
CVE-2024-53406
Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...
Espressif ESP-IDF 安全漏洞
Espressif ESP-IDF is an Internet of Things IoT development framework from China Loxin Espressif. A security vulnerability exists in Espressif ESP-IDF, which stems from the fact that the encrypted output becomes deterministic if the IV is not properly initialized, leading to a potential data leak...
ESP-IDF 安全漏洞
ESP-IDF is an Espressif open source development framework for Espressif SoCs supported on Windows, Linux and macOS. A security vulnerability exists in ESP-IDF version v.5.1, which stems from the presence of a buffer overflow vulnerability that could allow a remote attacker to obtain sensitive...
PT-2024-25269 · Espressif · Esp-Idf
Name of the Vulnerable Software and Affected Versions: esp-idf version 5.1 Description: A Buffer Overflow issue allows a remote attacker to obtain sensitive information via the externalId component. Recommendations: For esp-idf version 5.1, at the moment, there is no information about a newer...
ESP-IDF 安全漏洞
ESP-IDF is an open source development framework for Espressif SoCs supported on Windows, Linux and macOS by Espressif Systems. ESP-IDF has a security vulnerability that stems from the presence of a TOCTOU vulnerability. The vulnerability allows an attacker with physical access to the device's fla...
Espressif ESP-IDF 缓冲区错误漏洞
Espressif ESP-IDF is an IoT development framework from China Lexin Information Technology Espressif.A memory corruption vulnerability exists in Espressif ESP-IDF, which stems from not checking the SegN field of the Transaction Start PDU, and can be exploited by an attacker during configuration to...