CNNVD-202601-1828 Information
CNNVD ID
CNNVD-202601-1828
Related CVE
- CNNVD Published: 2026-01-12
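Description (translated from Chinese)
Espressif ESP-IDF is an Internet of Things (IoT) development framework from the Chinese company Espressif (乐鑫). Versions of Espressif ESP-IDF before 1.1.0 contain a resource management error vulnerability. The flaw stems from the use of a stale pointer when handling an attacker-controlled report descriptor length, and it may lead to a use-after-free.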
Description (English)
Espressif ESP-IDF is an Internet of Things (IoT) development framework from the Chinese company Espressif. Versions of Espressif ESP-IDF before 1.1.0 have a resource management error that stems from the use of a stale pointer when handling an attacker-controlled report descriptor length, which could lead to a use-after-free.
Hazard Level
High
Vulnerability Type
Resource management error
Affected Vendor
Espressif (乐鑫)
Published
2026-01-12
Last Modified
2026-02-24
References
https://github.com/espressif/esp-usb/security/advisories/GHSA-2pm2-62mr-c9x7
https://github.com/espressif/esp-usb/commit/81b37c96593c0bec92ef14c6ee6bf8cab8d8f660
https://components.espressif.com/components/espressif/usb_host_hid/versions/1.1.0/changelog
https://access.redhat.com/security/cve/cve-2025-68656
Patch
https://github.com/espressif/esp-usb