CNNVD-202601-3022 Information

CNNVD ID

CNNVD-202601-3022

CVE-2026-23833

  • CNNVD Published: 2026-01-19

Description

ESPHome is an open-source system from ESPHome for configuring and managing smart hardware. It is used to control ESP8266/ESP32 hardware for home automation. ESPHome versions 2025.9.0 through 2025.12.6 contain an input validation vulnerability caused by an integer overflow in the protobuf decoder of the API component, which may allow out-of-bounds checks to be bypassed and lead to a denial-of-service attack.

Hazard Level

Medium

Vulnerability Type

Input validation error

Affected Vendor

ESPHome

Published

2026-01-19

Last Modified

2026-02-24

References

  • https://esphome.io/guides/security_best_practices
  • https://github.com/esphome/esphome/commit/69d7b6e9210390051318bd8e6410727689de08d6
  • https://github.com/esphome/esphome/pull/13306
  • https://github.com/esphome/esphome/security/advisories/GHSA-4h3h-63v6-88qx

Patch

https://github.com/esphome/esphome/releases
