Lucene search
K

15 matches found

Vulnrichment
Vulnrichment
added 2026/06/10 12:35 a.m.7 views

CVE-2026-46532 ESF-IDF: Heap Out-of-Bounds Read in Bluedroid AVRCP Target Parser

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser avrcparsvendorcmd in components/bt/host/bluedroid/stack/avrc/avrcparstg.c. This issue has been patched ...

4.6CVSS5.4AI score0.00228EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48353

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handle session command0 in...

7.1CVSS5.7AI score0.00325EPSS
Exploits0References8
CVE
CVE
added 2026/02/04 5:58 p.m.18 views

CVE-2026-25507

The CVE concerns ESF-IDF (Espressif IoT Development Framework) with a use-after-free in the BLE provisioning transport (protocomm_ble). Affected versions are 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6. When provisioning is stopped with keep_ble_on = true, internal protocomm_ble state and GATT metadata...

6.3CVSS5.5AI score0.00199EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/02/04 5:58 p.m.28 views

CVE-2026-25532 ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

6.3CVSS0.00213EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/12/28 12:42 a.m.6 views

CVE-2025-68473

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack BlueDroid, the function btadmsdpresult used a fixed-size array uuidlist32MAXUUIDSIZE to store discovered service UUIDs during the...

6.9AI score0.00377EPSS
Exploits0References1
NVD
NVD
added 2025/12/27 12:15 a.m.6 views

CVE-2025-68474

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrcvendormsg function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRCMINCMDLEN 20 bytes. However, the actual fixed...

7.6CVSS0.003EPSS
Exploits0References7
OSV
OSV
added 2025/12/26 11:57 p.m.6 views

CVE-2025-68474 ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrcvendormsg function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRCMINCMDLEN 20 bytes. However, the actual fixed...

6.1CVSS7.5AI score0.003EPSS
Exploits0References9
OSV
OSV
added 2025/12/26 11:54 p.m.7 views

CVE-2025-68473 ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack BlueDroid, the function btadmsdpresult used a fixed-size array uuidlist32MAXUUIDSIZE to store discovered service UUIDs during the...

6.9AI score0.00377EPSS
Exploits0References10
Cvelist
Cvelist
added 2025/12/02 6:9 p.m.9 views

CVE-2025-66409 ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command...

6.9CVSS0.00554EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/12/02 6:9 p.m.6 views

CVE-2025-66409 ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command...

6.9CVSS6.8AI score0.00554EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-54052

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00594EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 6:24 a.m.7 views

CVE-2024-51428

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service DoS via a crafted data channel packet...

7.5CVSS6.7AI score0.00513EPSS
Exploits2References1
CVE
CVE
added 2025/03/13 12:0 a.m.52 views

CVE-2024-53406

CVE-2024-53406 affects Espressif ESP-IDF v5.3.0. The issue is described as insecure permissions that enable authentication bypass, with the reconnection phase reusing a prior session key, creating a foothold for security bypass attacks. The documented CVSS v3.1 base score is 8.8 (HIGH) with netwo...

8.8CVSS7.4AI score0.00594EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/13 12:0 a.m.9 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

6.9AI score0.00594EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/13 12:0 a.m.20 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

0.00594EPSS
Exploits1References2
Rows per page
Query Builder