6 matches found
EUVD-2026-5378
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport protocommble. The issue can be triggered by a remote B...
CVE-2026-25508
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport protocommble. The issue can be triggered by a remote B...
CVE-2026-25508 ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisioning
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport protocommble. The issue can be triggered by a remote B...
CVE-2026-25507
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport protocommble layer. The issue can be triggered by a remote BLE client while the device is in...
CVE-2026-25507
The CVE concerns ESF-IDF (Espressif IoT Development Framework) with a use-after-free in the BLE provisioning transport (protocomm_ble). Affected versions are 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6. When provisioning is stopped with keep_ble_on = true, internal protocomm_ble state and GATT metadata...
PT-2026-6299
Name of the Vulnerable Software and Affected Versions Espressif Internet of Things IOT Development Framework versions 5.1.6 through 5.5.2 Description The Espressif Internet of Things IOT Development Framework contains a use-after-free issue in the BLE provisioning transport protocomm ble layer...