Espressif Esp-Idf vulnerabilities

34 known vulnerabilities affecting espressif/esp-idf.

Total CVEs: 34
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 14, MEDIUM 18

Vulnerabilities

Page 1 of 2
CVE-2025-52471 | P2 | CRITICAL | CVSS 9.8 | CWE-191 | v5.1.6; v5.2.5; +6 more | 2025-06-24
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficient validation of user-supplied data length in the
nvd
CVE-2024-53406 | P3 | HIGH | CVSS 8.8 | CWE-639 | v5.3 | 2025-03-13
Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks.
nvd
CVE-2025-66409 | P3 | CRITICAL | CVSS 9.1 | CWE-125 | ≤ 5.1.6; ≥ 5.2, ≤ 5.2.6; +7 more | 2025-12-02
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds r
nvd
CVE-2025-68473 | P3 | HIGH | CVSS 8.6 | CWE-787 | v5.1.6; v5.2.6; +8 more | 2025-12-27
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUIDs during the SDP (Service Discovery Protocol) process
nvd
CVE-2021-28139 | P3 | HIGH | CVSS 8.8 | ≤ 4.4 | 2021-09-07
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.
nvd
CVE-2022-24893 | P3 | HIGH | CVSS 8.8 | CWE-787 | v4.1.3; v4.2.3; +6 more | 2022-06-25
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially attacker gaining c
nvd
CVE-2026-45328 | P3 | HIGH | CVSS 8.8 | CWE-20 | v5.5.4; v6.0; +2 more | 2026-06-10
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and to the
nvd
CVE-2025-55297 | P3 | HIGH | CVSS 8.8 | CWE-120 | fixed in 5.0.9; ≥ 5.1, < 5.1.6; +5 more | 2025-08-21
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9.
nvd
CVE-2024-33453 | P3 | HIGH | CVSS 8.1 | CWE-120 | v5.1 | 2024-10-17
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component.
nvd
CVE-2025-68474 | P3 | HIGH | CVSS 7.6 | CWE-787 | v5.1.6; v5.2.6; +8 more | 2025-12-27
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg() function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRC_MIN_CMD_LEN (20 bytes). However, the actual fixed header data written before the vendor payload e
nvd
CVE-2026-45541 | P3 | HIGH | CVSS 7.5 | CWE-476 | v5.2.6; v5.3.5; +8 more | 2026-06-10
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esp_http_server component. While parsing the client-supplied Sec-WebSocket-Protocol request header during the WebSocket handshake, the tokenisat
nvd
CVE-2019-12587 | P3 | HIGH | CVSS 8.1 | CWE-327 | ≥ 2.0.0, ≤ 4.0.0 | 2019-09-04
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.
nvd
CVE-2026-25532 | P3 | HIGH | CVSS 8.0 | CWE-191 | v5.1.6; v5.2.6; +8 more | 2026-02-04
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS (Wi-Fi Protected Setup) Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during fragment length calculation. When processing EAP-Expande
nvd
CVE-2020-16146 | P3 | HIGH | CVSS 7.5 | CWE-120 | ≥ 2.0.0, ≤ 2.1.1; ≥ 3.0, ≤ 3.0.9; +4 more | 2021-01-12
Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields,
nvd
CVE-2025-65092 | P3 | MEDIUM | CVSS 6.9 | CWE-125 | v= 5.5.1; v= 5.4.3; +1 more | 2025-11-21
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG image could exploit the parsing routine and trigger an out-of-bounds array access. This issue has b
nvd
CVE-2025-64342 | P3 | MEDIUM | CVSS 6.9 | CWE-754 | v>= 5.5-beta1, < 5.5.2; v>= 5.4-beta1, < 5.4.3; +3 more | 2025-11-17
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly report a connection event to the host, which can cau
nvd
CVE-2024-33454 | P3 | MEDIUM | CVSS 6.5 | CWE-120 | v5.1 | 2024-05-14
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component.
nvd
CVE-2024-53845 | P3 | MEDIUM | CVSS 6.6 | CWE-327 | v>= 5.3.0, < 5.3.2; v>= 5.2.0, < 5.2.4; +2 more | 2024-12-12
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant throughout the product's lifetime. In AES/CBC mode, if the
nvd
CVE-2026-45542 | P3 | HIGH | CVSS 7.1 | CWE-122 | v5.2.6; v5.3.5; +8 more | 2026-06-10
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component. The first-phase handler (handle_session_command0() in components/protocomm/src/security/security2.c) trusts the length of
nvd
CVE-2024-51428 | P4 | HIGH | CVSS 7.5 | CWE-770 | v5.3 | 2024-11-07
An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet.
nvd