Lucene search
+L

63 matches found

CNNVD
CNNVD
added 2025/12/27 12:0 a.m.6 views

Espressif IoT Development Framework 缓冲区错误漏洞

Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A buffer error vulnerability exists in the Espressif IoT Development Framework versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and prior versions, which originates in the Bluetooth host stack in th...

8.6CVSS6.8AI score0.00377EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/12/27 12:0 a.m.6 views

Espressif IoT Development Framework 缓冲区错误漏洞

Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A buffer error vulnerability exists in Espressif IoT Development Framework versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and prior versions, which stems from insufficient validation of buffer siz...

7.6CVSS6.9AI score0.003EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/12/26 11:54 p.m.3 views

CVE-2025-68473 ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack BlueDroid, the function btadmsdpresult used a fixed-size array uuidlist32MAXUUIDSIZE to store discovered service UUIDs during the...

6.6AI score0.00377EPSS
Exploits0References8
CVE
CVE
added 2025/12/02 6:9 p.m.24 views

CVE-2025-66409

CVE-2025-66409 affects ESP-IDF where AVRCP handling on ESP32 can read memory out-of-bounds due to insufficient validation of the VENDOR DEPENDENT command length. Affected versions include 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6 and earlier. Qualitative impact is memory exposure or unexpected behavior f...

9.1CVSS6.8AI score0.00554EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/27 7:0 a.m.12 views

CVE-2025-65092

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...

6.9CVSS6.9AI score0.0032EPSS
Exploits0References1
NVD
NVD
added 2025/11/21 10:16 p.m.7 views

CVE-2025-65092

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...

6.9CVSS0.0032EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/21 9:33 p.m.5 views

EUVD-2025-198514

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...

6.9CVSS6.5AI score0.0032EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.11 views

Espressif IoT Development Framework 数字错误漏洞

Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A numeric error vulnerability exists in the Espressif IoT Development Framework versions 5.5.1, 5.4.3, and 5.3.4, which stems from a lack of validation of the JPEG decoder and could lead to...

6.9CVSS6.6AI score0.0032EPSS
Exploits0References6
CVE
CVE
added 2025/11/17 5:21 p.m.34 views

CVE-2025-64342

CVE-2025-64342 affects ESF-IDF (Espressif IoT Development Framework) used with ESP32 Bluetooth controller. When in advertising mode, receiving a connection request with an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF may cause advertising to stop unexpectedly and the controller to repo...

6.9CVSS6.5AI score0.00389EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.5 views

PT-2025-47184

Name of the Vulnerable Software and Affected Versions ESF-IDF versions prior to 5.1.7 ESF-IDF versions prior to 5.2.6 ESF-IDF versions prior to 5.3.5 ESF-IDF versions prior to 5.4.3 ESF-IDF versions prior to 5.5.2 Description ESF-IDF, the Espressif Internet of Things IOT Development Framework, is...

6.9CVSS6.6AI score0.00389EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25514

Malicious code in bioql PyPI...

7.7CVSS6.6AI score0.00321EPSS
Exploits0References13
Cvelist
Cvelist
added 2025/09/02 12:26 a.m.10 views

CVE-2025-57808 ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correc...

8.1CVSS0.01514EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/23 3:10 p.m.7 views

CVE-2025-55297

ESF-IDF is the Espressif Internet of Things IOT Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9...

7.7CVSS6.3AI score0.00321EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.6 views

ESP-IDF 数字错误漏洞

ESP-IDF is an Espressif open source development framework for Espressif SoCs supported on Windows, Linux and macOS. A numeric error vulnerability exists in ESP-IDF versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6, which stems from an integer underflow in the ESP-NOW protocol implementation that could lead...

9.8CVSS6.7AI score0.00741EPSS
Exploits0References8
OSV
OSV
added 2025/03/13 12:0 a.m.5 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

8.8CVSS7AI score0.00594EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.6 views

Espressif ESP-IDF 安全漏洞

Espressif ESP-IDF is an Internet of Things IoT development framework from China Loxin Espressif. A security vulnerability exists in Espressif ESP-IDF, which stems from the fact that the encrypted output becomes deterministic if the IV is not properly initialized, leading to a potential data leak...

8.7CVSS6.7AI score0.00571EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/10/17 12:0 a.m.4 views

ESP-IDF 安全漏洞

ESP-IDF is an Espressif open source development framework for Espressif SoCs supported on Windows, Linux and macOS. A security vulnerability exists in ESP-IDF version v.5.1, which stems from the presence of a buffer overflow vulnerability that could allow a remote attacker to obtain sensitive...

8.1CVSS6.9AI score0.00954EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/03 12:0 a.m.6 views

PT-2024-25269 · Espressif · Esp-Idf

Name of the Vulnerable Software and Affected Versions: esp-idf version 5.1 Description: A Buffer Overflow issue allows a remote attacker to obtain sensitive information via the externalId component. Recommendations: For esp-idf version 5.1, at the moment, there is no information about a newer...

8.1CVSS6.8AI score0.00954EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/03/25 12:0 a.m.9 views

ESP-IDF 安全漏洞

ESP-IDF is an open source development framework for Espressif SoCs supported on Windows, Linux and macOS by Espressif Systems. ESP-IDF has a security vulnerability that stems from the presence of a TOCTOU vulnerability. The vulnerability allows an attacker with physical access to the device's fla...

6.1CVSS5.9AI score0.00208EPSS
Exploits2References9
CNNVD
CNNVD
added 2022/06/25 12:0 a.m.7 views

Espressif ESP-IDF 缓冲区错误漏洞

Espressif ESP-IDF is an IoT development framework from China Lexin Information Technology Espressif.A memory corruption vulnerability exists in Espressif ESP-IDF, which stems from not checking the SegN field of the Transaction Start PDU, and can be exploited by an attacker during configuration to...

8.8CVSS5.7AI score0.00521EPSS
Exploits0References2
Rows per page
Query Builder