Espressif

Esp-idf

34 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2025-68473

  • EPSS 0.38%
  • Veröffentlicht 26.12.2025 23:54:47
  • Zuletzt bearbeitet 22.01.2026 16:01:58

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[3...

9.1

CVE-2025-66409

  • EPSS 0.53%
  • Veröffentlicht 02.12.2025 18:09:03
  • Zuletzt bearbeitet 13.02.2026 16:12:30

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stac...

6.9

CVE-2025-65092

  • EPSS 0.31%
  • Veröffentlicht 21.11.2025 21:33:03
  • Zuletzt bearbeitet 15.04.2026 00:35:42

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPE...

6.9

CVE-2025-64342

  • EPSS 0.35%
  • Veröffentlicht 17.11.2025 17:21:01
  • Zuletzt bearbeitet 15.04.2026 00:35:42

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpected...

8.8

CVE-2025-55297

  • EPSS 0.32%
  • Veröffentlicht 21.08.2025 15:15:33
  • Zuletzt bearbeitet 22.01.2026 16:04:06

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5...

9.8

CVE-2025-52471

  • EPSS 0.74%
  • Veröffentlicht 24.06.2025 19:53:06
  • Zuletzt bearbeitet 22.01.2026 16:05:44

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ES...

8.8

CVE-2024-53406

Exploit
  • EPSS 0.59%
  • Veröffentlicht 13.03.2025 17:15:33
  • Zuletzt bearbeitet 31.12.2025 01:04:08

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute secur...

6.6

CVE-2024-53845

  • EPSS 0.56%
  • Veröffentlicht 12.12.2024 02:15:29
  • Zuletzt bearbeitet 15.04.2026 00:35:42

ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8....

7.5

CVE-2024-51428

  • EPSS 0.51%
  • Veröffentlicht 07.11.2024 18:15:17
  • Zuletzt bearbeitet 14.01.2026 15:42:13

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet.

8.1

CVE-2024-33453

  • EPSS 0.95%
  • Veröffentlicht 17.10.2024 22:15:03
  • Zuletzt bearbeitet 31.12.2025 01:16:35

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component.