CNNVD-202602-600 Information
CNNVD ID
CNNVD-202602-600
Related CVE
- CNNVD Published: 2026-02-04
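Description (translated from Chinese)
Espressif ESP-IDF is an Internet of Things (IoT) development framework from the Chinese company Espressif. Espressif ESP-IDF versions 5.5.2, 5.4.3, 5.3.4, 5.2.6 and 5.1.6 contain a buffer error vulnerability. The vulnerability stems from an out-of-bounds read in BLE ATT Prepare Write handling, which may lead to memory corruption.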
Description (English)
Espressif ESP-IDF is an IoT development framework from the Chinese company Espressif. ESP-IDF versions 5.5.2, 5.4.3, 5.3.4, 5.2.6 and 5.1.6 contain a buffer error vulnerability: the BLE ATT Prepare Write handling has an out-of-bounds read that may cause memory corruption.
Hazard Level
High
Vulnerability Type
Buffer error
Affected Vendor
Espressif
Published
2026-02-04
Last Modified
2026-02-24
References
- https://github.com/espressif/esp-idf/commit/0540c85140c2c06c0cbecc8843277ea676d5c4a9
- https://github.com/espressif/esp-idf/commit/cde7b7362adc15638c141c249681cbe5d23de663
- https://github.com/espressif/esp-idf/commit/1ff264abf2504cade46f0ce3a03f821310bcf6d7
- https://github.com/espressif/esp-idf/commit/dba9a7dc01e4dab14c77d328f6a6f46369aeee63
- https://github.com/espressif/esp-idf/commit/47552ff4fd824caf38215468ebd2f31fb5f36d70
- https://github.com/espressif/esp-idf/security/advisories/GHSA-9j5x-rf36-54x9
- https://github.com/espressif/esp-idf/commit/4c3fdcd316f780bab4ae5aa73c9626ea9fe24ac6
- https://github.com/espressif/esp-idf/commit/894c28afe3f2f8f31ff25b64191883517dddb5cf
- https://access.redhat.com/security/cve/cve-2026-25508
Patch
https://github.com/espressif/esp-idf/releases