Buffer overflow in Espressif Esp-idf

CVE-2025-68473

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (7.7th percentile) — read the EPSS interpretation.

Affected products

Espressif Esp-idf — versions >= 5.5-beta1, <= 5.5.1, >= 5.4-beta1, <= 5.4.3, >= 5.3-beta1, <= 5.3.4

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

https://github.com/espressif/esp-idf/security/advisories/GHSA-hmjj-rjvv-w8pq (x_refsource_CONFIRM)
https://github.com/espressif/esp-idf/commit/3286e45349b0b5c2b1422ef7e8d088b95eef895d (x_refsource_MISC)
https://github.com/espressif/esp-idf/commit/4d928f2265c394d2abc85024228e920a5b26bcab (x_refsource_MISC)
https://github.com/espressif/esp-idf/commit/5b3185168dae83d42aa0852689422fffd931f16c (x_refsource_MISC)
https://github.com/espressif/esp-idf/commit/6453f57a954458ad8ffd6e4bf2d9e76b73fac0f1 (x_refsource_MISC)
https://github.com/espressif/esp-idf/commit/6ca6f422dafaffcb88fa56cc458ce92d96be3b2e (x_refsource_MISC)
https://github.com/espressif/esp-idf/commit/9889edd799cf369e082df9d01adba961d64693ed (x_refsource_MISC)
https://github.com/espressif/esp-idf/commit/ecb86d353640cf1375bf97db32e702ba59c551b6 (x_refsource_MISC)