Integer overflow in Espressif Esp-idf
CVE-2025-52471
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1…
EPSS: 0.017 (82.7th percentile)
Affected products
- Espressif Esp-idf: versions 5.4.1, 5.3.3, 5.2.5
Weakness classification (CWE)
References
- https://github.com/espressif/esp-idf/security/advisories/GHSA-hqhh-cp47-fv5g (x_refsource_CONFIRM)
- https://github.com/espressif/esp-idf/commit/b1a379d57430d265a53aca13d59ddfbf2e7ac409 (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/c5fc81917805f99e687c81cc56b68dc5df7ef8b5 (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/d4dafbdc3572387cd4f9a62b776580bc4ac3bde7 (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/d6ec5a52255b17c1d6ef379e89f9de2c379042f8 (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/df7757d8279871fa7a2f42ef3962c6c1ec88b8a2 (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/edc227c5eaeced999b5212943a9434379f8aad80 (x_refsource_MISC)