CNNVD-202508-2616 Information
CNNVD ID
CNNVD-202508-2616
Related CVE
- CNNVD Published: 2025-08-21
Description (Chinese)
Espressif IoT Development Framework是Espressif Systems开源的一个物联网开发框架。 Espressif IoT Development Framework 存在安全漏洞,该漏洞源于内存溢出,可能导致Wi-Fi凭据处理和Diffie–Hellman密钥交换问题。
Description (English)
Espressif IoT Development Platform is an open-source network development framework for Espressif Systems. There is a security loophole in Espresif IoT Development Platform, which originates from a spill of memory and may lead to Wi-Fi processing and Diffie-Hellman key exchange problems.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Espressif Systems
Published
2025-08-21
Last Modified
2026-02-24
References
https://github.com/espressif/esp-idf/security/advisories/GHSA-9w88-r2vm-qfc4 https://github.com/espressif/esp-idf/commit/f77da0d5b5382635c99e6708551b73802ad1213d https://github.com/espressif/esp-idf/commit/f40aa9c587a8e570dfde2e6330382dcd170d5a5d https://github.com/espressif/esp-idf/commit/e65cf7ea2a2be52219ec9d4efc44aed5e490e91c https://github.com/espressif/esp-idf/commit/cc00e9f2fc4f7e8fbaff27851b4a8b45fa483501 https://github.com/espressif/esp-idf/commit/cb6929a2e6f2ff130b742332dc15eb23006c7cc9 https://github.com/espressif/esp-idf/commit/bf50c0c197af30990026c8f8286298d2aa5a3c99 https://github.com/espressif/esp-idf/commit/b1657d9dd4d0e48ed25e02cb8fe8413f479a2a84 https://github.com/espressif/esp-idf/commit/abc18e93eb3500dbec74c3e589671ef82c8b3919 https://github.com/espressif/esp-idf/commit/9cb7206d4ae8fd8f4296cd57d6c78a1656f42efa https://github.com/espressif/esp-idf/commit/5f93ec3b11b6115475c34de57093b3672d594e8f https://github.com/espressif/esp-idf/commit/3fc6c93936077cb1659e1f0e0268e62cf6423e9d https://github.com/espressif/esp-idf/commit/12b7a9e6d78012ab9184b7ccdb5524364bf7e345 https://nvd.nist.gov/vuln/detail/CVE-2025-55297
Patch
https://github.com/espressif/esp-idf/security/advisories/GHSA-9w88-r2vm-qfc4
Share on: