CNNVD-202512-4855 Information
CNNVD ID
CNNVD-202512-4855
Related CVE
- CNNVD Published: 2025-12-27
Description (Chinese)
Espressif IoT Development Framework是Espressif Systems开源的一个物联网开发框架。 Espressif IoT Development Framework 5.5.1版本、5.4.3版本、5.3.4版本、5.2.6版本、5.1.6版本及之前版本存在缓冲区错误漏洞,该漏洞源于蓝牙主机栈中bta_dm_sdp_result函数使用固定大小数组存储服务UUID,可能导致越界写入。
Description (English)
Espressif IoT Development Platform is an open-source network development framework for Espressif Systems. The Espressif IoT Development Platform version 5.5.1, version 5.4.3, version 5.3.4, version 5.2.6, version 5.1.6 and previous versions contain a buffer zone error loop that stems from the use of the bta dm sdp result function in the bluetooth mainframe to store UUID in fixed size arrays, which may lead to cross-border writing.
Hazard Level
Medium
Vulnerability Type
缓冲区错误
Affected Vendor
Espressif Systems
Published
2025-12-27
Last Modified
2026-02-24
References
https://github.com/espressif/esp-idf/commit/3286e45349b0b5c2b1422ef7e8d088b95eef895d https://github.com/espressif/esp-idf/commit/4d928f2265c394d2abc85024228e920a5b26bcab https://github.com/espressif/esp-idf/commit/5b3185168dae83d42aa0852689422fffd931f16c https://github.com/espressif/esp-idf/commit/6453f57a954458ad8ffd6e4bf2d9e76b73fac0f1 https://github.com/espressif/esp-idf/commit/6ca6f422dafaffcb88fa56cc458ce92d96be3b2e https://github.com/espressif/esp-idf/commit/9889edd799cf369e082df9d01adba961d64693ed https://github.com/espressif/esp-idf/commit/ecb86d353640cf1375bf97db32e702ba59c551b6 https://github.com/espressif/esp-idf/security/advisories/GHSA-hmjj-rjvv-w8pq https://access.redhat.com/security/cve/cve-2025-68473
Patch
https://github.com/espressif/esp-idf/releases
Share on: