Buffer overflow in Espressif Esp-idf
CVE-2025-68474
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg() function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was vali…
Vulnerability class: Buffer Overflow
EPSS: 0.000 (0.7th percentile) — read the EPSS interpretation.
Affected products
- Espressif Esp-idf — versions >= 5.5-beta1, <= 5.5.1, >= 5.4-beta1, <= 5.4.3, >= 5.3-beta1, <= 5.3.4
Weakness classification (CWE)
References
- https://github.com/espressif/esp-idf/security/advisories/GHSA-43gh-7r4f-qp57 (x_refsource_CONFIRM)
- https://github.com/espressif/esp-idf/commit/0b0b59f2e19cb99dfa1b28c284d1c5c1d276a132 (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/565fa98d0cfd58102204c1cb636747e17ee59845 (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/8262ee807d5cd425f66304f703eeb3382fb888c0 (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/a6c1bc5e3e91ad1cb964ce2c178ee40a5d10a4a0 (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/aa0e3d75db995b7137b55349fc92ee684b47092d (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/b9ba1e29b65536ab4b670ac099585d09adce0376 (x_refsource_MISC)