15 matches found
CVE-2026-45328
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...
CVE-2026-45329 ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...
EUVD-2026-35917
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...
EUVD-2026-35916
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...
PT-2026-48349
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parse options in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The...
PT-2026-6314
Name of the Vulnerable Software and Affected Versions Espressif Internet of Things IOT Development Framework versions 5.1.6 through 5.5.2 Description The Espressif Internet of Things IOT Development Framework contains a flaw in the WPS Wi-Fi Protected Setup Enrollee implementation. Malformed...
CVE-2025-68622
Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class UVC device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...
Espressif ESP-IDF 资源管理错误漏洞
Espressif ESP-IDF is an IoT development framework from China Loxin Espressif. A resource management error vulnerability exists in versions of Espressif ESP-IDF prior to 1.1.0, which stems from the use of outdated pointers when handling the length of an attacker-controlled report descriptor, which...
CVE-2025-68473 ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack BlueDroid, the function btadmsdpresult used a fixed-size array uuidlist32MAXUUIDSIZE to store discovered service UUIDs during the...
CVE-2025-66409
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command...
CVE-2025-64342 ESF-IDF's ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability
ESF-IDF is the Espressif Internet of Things IOT Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address AA of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly...
EUVD-2025-197854
ESF-IDF is the Espressif Internet of Things IOT Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address AA of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly...
Espressif IoT Development Framework 安全漏洞
Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A security vulnerability exists in the Espressif IoT Development Framework that stems from a memory overflow that could lead to issues with Wi-Fi credential handling and Diffie-Hellman key...
Espressif ESP-IDF 安全漏洞
Espressif ESP-IDF is an Internet of Things IoT development framework from China Loxin Espressif. A security vulnerability exists in Espressif ESP-IDF version 5.3.0, which originates from allowing an attacker to cause a denial of service via specially crafted data channel packets...
Espressif ESP-IDF 安全漏洞
Espressif ESP-IDF is an Internet of Things IoT development framework from China's Lexin Information Technology Espressif. Espressif ESP-IDF suffers from a security vulnerability that stems from a security issue in the commercial BT stack. The vulnerability can be exploited by an attacker to cause...