CNNVD-202512-176 Information
CNNVD ID
CNNVD-202512-176
Related CVE
- CNNVD Published: 2025-12-02
Description (Chinese)
ESP-IDF是Espressif开源的一个 Windows、Linux 和 macOS 上支持的 Espressif SoC 的开发框架。 ESP-IDF 5.5.1版本、5.4.3版本、5.3.4版本、5.2.6版本、5.1.6版本及之前版本存在缓冲区错误漏洞,该漏洞源于AVRCP启用时缓冲区长度验证不足,可能导致越界读取。
Description (English)
ESP-IDF is the development framework for Espressif SOC supported by Windows, Linux and MacOS. ESP-IDFP version 5.5.1, version 5.4.3, version 5.3.4, version 5.2.6, version 5.1.6 and previous versions contain an error loophole in the buffer zone, which stems from the insufficient verification of the length of the buffer zone at the time of AVRCP ’ s activation and may lead to cross-border access.
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
乐鑫
Published
2025-12-02
Last Modified
2026-02-24
References
https://github.com/espressif/esp-idf/commit/075ed218cadb8088155521cd8a795d8a626519fb https://github.com/espressif/esp-idf/commit/2f788e59ee361eee230879ae2ec9cf5c893fe372 https://github.com/espressif/esp-idf/commit/798029129a71c802cff0e75eb59f902bca8f1946 https://github.com/espressif/esp-idf/commit/999710fccf95ae128fe51b5679d6b7c75c50d902 https://github.com/espressif/esp-idf/commit/d5db5f60fc1dcfdd8cd3ee898fdefaa272988ace https://github.com/espressif/esp-idf/commit/daeeba230327176b9627b1caa94acdc54065c4b7 https://github.com/espressif/esp-idf/security/advisories/GHSA-qhf9-vr2h-jh96
Patch
https://github.com/espressif/esp-idf/releases
Share on: