CNNVD-202506-3119 Information
CNNVD ID
CNNVD-202506-3119
Related CVE
- CNNVD Published: 2025-06-24
Description (Chinese)
ESP-IDF是Espressif开源的一个 Windows、Linux 和 macOS 上支持的 Espressif SoC 的开发框架。 ESP-IDF 5.4.1版本、5.3.3版本、5.2.5版本和5.1.6版本存在数字错误漏洞,该漏洞源于ESP-NOW协议实现中存在整数下溢,可能导致越界内存访问和任意内存写入。
Description (English)
ESP-IDF is the development framework for Espressif SOC supported by Windows, Linux and MacOS. There is a digital error loophole in ESP-IDF versions 5.4.1, 5.3.3, 5.2.5 and 5.1.6, which stems from the integer run-down in the realization of the ESP-NOW agreement, which may result in cross-border memory access and arbitrary memory writing.
Hazard Level
Low
Vulnerability Type
数字错误
Affected Vendor
乐鑫
Published
2025-06-24
Last Modified
2026-02-24
References
https://github.com/espressif/esp-idf/commit/edc227c5eaeced999b5212943a9434379f8aad80 https://github.com/espressif/esp-idf/commit/c5fc81917805f99e687c81cc56b68dc5df7ef8b5 https://github.com/espressif/esp-idf/commit/b1a379d57430d265a53aca13d59ddfbf2e7ac409 https://github.com/espressif/esp-idf/commit/df7757d8279871fa7a2f42ef3962c6c1ec88b8a2 https://github.com/espressif/esp-idf/commit/d6ec5a52255b17c1d6ef379e89f9de2c379042f8 https://github.com/espressif/esp-idf/security/advisories/GHSA-hqhh-cp47-fv5g https://github.com/espressif/esp-idf/commit/d4dafbdc3572387cd4f9a62b776580bc4ac3bde7 https://access.redhat.com/security/cve/cve-2025-52471
Patch
https://github.com/espressif/esp-idf/releases
Share on: