CNNVD-202601-1832 Information
CNNVD ID
CNNVD-202601-1832
Related CVE
- CNNVD Published: 2026-01-12
Description (Chinese)
Espressif ESP-IDF是中国乐鑫(Espressif)公司的一款物联网开发框架。 Espressif ESP-IDF 2.4.0之前版本存在安全漏洞,该漏洞源于配置描述符解析时未验证长度值,可能导致栈缓冲区溢出。
Description (English)
Espressif ESP-IDF is a framework for networking development of a piece of the Chinese company Espressif. There was a security loophole in the pre-Espressif ESP-IDF 2.4.0 version, which stemmed from the failure to verify the length value at the time of the configuration description decomposition, which could lead to a spill out of the fence.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
乐鑫
Published
2026-01-12
Last Modified
2026-02-24
References
https://components.espressif.com/components/espressif/usb_host_uvc/versions/2.4.0/changelog https://github.com/espressif/esp-usb/commit/77a38b15a17f6e3c7aeb620eb4aeaf61d5194cc0 https://github.com/espressif/esp-usb/security/advisories/GHSA-g65h-9ggq-9827
Patch
https://github.com/espressif/esp-usb
Share on: