Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2026-45328

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

9.3CVSS5.3AI score0.00126EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 12:34 a.m.9 views

CVE-2026-45329 ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS5.4AI score0.00117EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 12:34 a.m.12 views

EUVD-2026-35917

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS5.4AI score0.00117EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 12:33 a.m.12 views

EUVD-2026-35916

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

9.3CVSS5.3AI score0.00126EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48349

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parse options in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The...

6.5CVSS5.6AI score0.00246EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.8 views

PT-2026-6314

Name of the Vulnerable Software and Affected Versions Espressif Internet of Things IOT Development Framework versions 5.1.6 through 5.5.2 Description The Espressif Internet of Things IOT Development Framework contains a flaw in the WPS Wi-Fi Protected Setup Enrollee implementation. Malformed...

6.3CVSS5.6AI score0.00213EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.5 views

CVE-2025-68622

Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class UVC device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...

6.8CVSS7AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.5 views

Espressif ESP-IDF 资源管理错误漏洞

Espressif ESP-IDF is an IoT development framework from China Loxin Espressif. A resource management error vulnerability exists in versions of Espressif ESP-IDF prior to 1.1.0, which stems from the use of outdated pointers when handling the length of an attacker-controlled report descriptor, which...

6.8CVSS6.6AI score0.00183EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/26 11:54 p.m.21 views

CVE-2025-68473 ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack BlueDroid, the function btadmsdpresult used a fixed-size array uuidlist32MAXUUIDSIZE to store discovered service UUIDs during the...

0.00377EPSS
Exploits0References8
NVD
NVD
added 2025/12/02 7:15 p.m.6 views

CVE-2025-66409

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command...

9.1CVSS0.00554EPSS
Exploits0References7
OSV
OSV
added 2025/11/17 5:21 p.m.6 views

CVE-2025-64342 ESF-IDF's ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability

ESF-IDF is the Espressif Internet of Things IOT Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address AA of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly...

6.9CVSS6.8AI score0.00356EPSS
Exploits0References9
EUVD
EUVD
added 2025/11/17 5:21 p.m.4 views

EUVD-2025-197854

ESF-IDF is the Espressif Internet of Things IOT Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address AA of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly...

6.9CVSS6.3AI score0.00356EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/08/21 12:0 a.m.5 views

Espressif IoT Development Framework 安全漏洞

Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A security vulnerability exists in the Espressif IoT Development Framework that stems from a memory overflow that could lead to issues with Wi-Fi credential handling and Diffie-Hellman key...

8.8CVSS7AI score0.00321EPSS
Exploits0References14
CNNVD
CNNVD
added 2024/11/07 12:0 a.m.6 views

Espressif ESP-IDF 安全漏洞

Espressif ESP-IDF is an Internet of Things IoT development framework from China Loxin Espressif. A security vulnerability exists in Espressif ESP-IDF version 5.3.0, which originates from allowing an attacker to cause a denial of service via specially crafted data channel packets...

7.5CVSS6.6AI score0.00513EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/09/03 12:0 a.m.4 views

Espressif ESP-IDF 安全漏洞

Espressif ESP-IDF is an Internet of Things IoT development framework from China's Lexin Information Technology Espressif. Espressif ESP-IDF suffers from a security vulnerability that stems from a security issue in the commercial BT stack. The vulnerability can be exploited by an attacker to cause...

6.5CVSS7AI score0.00854EPSS
Exploits0References8
Rows per page
Query Builder