CNNVD-202506-3324 Information
CNNVD ID
CNNVD-202506-3324
Related CVE
- CNNVD Published: 2025-06-26
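Description (translated from Chinese)
arduino-esp32 is an open-source Arduino core from Espressif for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. arduino-esp32 versions before 3.3.0-RC1 and 3.2.1 contain an injection vulnerability, which stems from an HTTP response splitting flaw in the sendHeader function.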
Description (English)
arduino-esp32 is an Arduino core for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. Versions of arduino-esp32 before 3.3.0-RC1 and 3.2.1 contain an injection vulnerability, which originates from an HTTP response splitting flaw in the sendHeader function.
Hazard Level
Low
Vulnerability Type
Injection
Affected Vendor
Espressif
Published
2025-06-26
Last Modified
2026-02-24
References
https://github.com/espressif/arduino-esp32/blob/9e61fa7e4bce59c05cb17c15b11b53b9bafca077/libraries/WebServer/src/WebServer.cpp#L504-L521
https://github.com/espressif/arduino-esp32/blob/9e61fa7e4bce59c05cb17c15b11b53b9bafca077/libraries/WebServer/src/WebServer.cpp#L577-L582
https://github.com/espressif/arduino-esp32/commit/21640ac82a1bb5efa8cf0b3841be1ac80add6785
https://github.com/espressif/arduino-esp32/security/advisories/GHSA-5476-9jjq-563m
Patch
https://github.com/espressif/arduino-esp32/releases