CNNVD-202602-599 Information
CNNVD ID
CNNVD-202602-599
Related CVE
-
CNNVD Published
2026-02-04
Description (Chinese)
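Espressif ESP-IDF is an Internet of Things development framework from the Chinese company Espressif. Espressif ESP-IDF versions 5.5.2, 5.4.3, 5.3.4, 5.2.6 and 5.1.6 contain a numeric error vulnerability. It stems from an integer underflow in the WPS registration implementation when handling malformed EAP-WSC packets, which may cause a very large unsigned value to be passed.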
Description (English)
Espressif ESP-IDF is an IoT development framework from the Chinese company Espressif. Espressif ESP-IDF version 5.5.2, version 5.4.3, version 5.3.4, version 5.2.6 and version 5.1.6 contain a numeric error vulnerability resulting from an integer underflow in the WPS registration implementation's processing of malformed EAP-WSC packets, which may result in a very large unsigned value being passed on.
Hazard Level
High
Vulnerability Type
Numeric Error
Affected Vendor
Espressif
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/espressif/esp-idf/commit/73a587d42a57ece1962b6a4c530b574600650f63
https://github.com/espressif/esp-idf/commit/60f992a26de17bb5406f2149a2f8282dd7ad1c59
https://github.com/espressif/esp-idf/commit/b209fae993d795255827ce6b2b0d6942a377f5d4
https://github.com/espressif/esp-idf/security/advisories/GHSA-m2h2-683f-9mw7
https://github.com/espressif/esp-idf/commit/de28801e8ea6a736b6f0db6fc0c682739363bb41
https://github.com/espressif/esp-idf/commit/cad36beb4cde27abcf316cd90d8d8dddbc6f213a
https://github.com/espressif/esp-idf/commit/6f6766f917bc940ffbcc97eac4765a6ab15d5f79
https://github.com/espressif/esp-idf/commit/b88befde6b5addcdd8d7373ce55c8052dea1e855
https://access.redhat.com/security/cve/cve-2026-25532
Patch
https://github.com/espressif/esp-idf/releases