CNNVD-202512-4856 Information

CNNVD ID

CNNVD-202512-4856

CVE-2025-68474

  • CNNVD Published: 2025-12-27

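Description (translated from Chinese)

Espressif IoT Development Framework is an open-source Internet of Things development framework from Espressif Systems. Espressif IoT Development Framework versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6 and earlier contain a buffer error vulnerability. It stems from insufficient buffer size validation in the AVRCP stack and may lead to out-of-bounds writes and memory corruption.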

Description (English)

Espressif IoT Development Framework is an open-source IoT development framework from Espressif Systems. Espressif IoT Development Framework versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6 and earlier contain a buffer error vulnerability, which stems from insufficient validation of buffer sizes in the AVRCP stack and may result in out-of-bounds writes and memory corruption.

Hazard Level

Medium

Vulnerability Type

Buffer error

Affected Vendor

Espressif Systems

Published

2025-12-27

Last Modified

2026-02-24

References

  • https://github.com/espressif/esp-idf/commit/0b0b59f2e19cb99dfa1b28c284d1c5c1d276a132
  • https://github.com/espressif/esp-idf/commit/565fa98d0cfd58102204c1cb636747e17ee59845
  • https://github.com/espressif/esp-idf/commit/8262ee807d5cd425f66304f703eeb3382fb888c0
  • https://github.com/espressif/esp-idf/commit/a6c1bc5e3e91ad1cb964ce2c178ee40a5d10a4a0
  • https://github.com/espressif/esp-idf/commit/aa0e3d75db995b7137b55349fc92ee684b47092d
  • https://github.com/espressif/esp-idf/commit/b9ba1e29b65536ab4b670ac099585d09adce0376
  • https://github.com/espressif/esp-idf/security/advisories/GHSA-43gh-7r4f-qp57
  • https://access.redhat.com/security/cve/cve-2025-68474

Patch

https://github.com/espressif/esp-idf/releases
