Espressif

Esp-idf

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-53406

Exploit
  • EPSS 0.12%
  • Veröffentlicht 13.03.2025 17:15:33
  • Zuletzt bearbeitet 31.12.2025 01:04:08

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute secur...

6.6

CVE-2024-53845

  • EPSS 0.19%
  • Veröffentlicht 12.12.2024 02:15:29
  • Zuletzt bearbeitet 12.12.2024 02:15:29

ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8....

7.5

CVE-2024-51428

  • EPSS 0.07%
  • Veröffentlicht 07.11.2024 18:15:17
  • Zuletzt bearbeitet 14.01.2026 15:42:13

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet.

8.1

CVE-2024-33453

  • EPSS 12.79%
  • Veröffentlicht 17.10.2024 22:15:03
  • Zuletzt bearbeitet 31.12.2025 01:16:35

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component.

6.5

CVE-2024-33454

Exploit
  • EPSS 1.12%
  • Veröffentlicht 14.05.2024 15:37:41
  • Zuletzt bearbeitet 31.12.2025 01:16:27

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component.

5.7

CVE-2024-28183

  • EPSS 0.03%
  • Veröffentlicht 25.03.2024 15:15:52
  • Zuletzt bearbeitet 05.12.2025 19:44:41

ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with phy...

8.8

CVE-2022-24893

  • EPSS 0.21%
  • Veröffentlicht 25.06.2022 07:15:07
  • Zuletzt bearbeitet 21.11.2024 06:51:20

ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transa...

8.8

CVE-2021-28139

  • EPSS 1.56%
  • Veröffentlicht 07.09.2021 07:15:06
  • Zuletzt bearbeitet 21.11.2024 05:59:09

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ...

6.5

CVE-2021-28136

  • EPSS 0.26%
  • Veröffentlicht 07.09.2021 06:15:07
  • Zuletzt bearbeitet 21.11.2024 05:59:09

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption ...

6.5

CVE-2021-28135

  • EPSS 0.28%
  • Veröffentlicht 07.09.2021 06:15:07
  • Zuletzt bearbeitet 21.11.2024 05:59:09

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding th...