{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T13:38:45.491","vulnerabilities":[{"cve":{"id":"CVE-2026-25508","sourceIdentifier":"security-advisories@github.com","published":"2026-02-04T18:16:09.547","lastModified":"2026-02-20T17:13:08.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport (protocomm_ble). The issue can be triggered by a remote BLE client while the device is in provisioning mode. The transport accumulated prepared-write fragments in a fixed-size buffer but incorrectly tracked the cumulative length. By sending repeated prepare write requests with overlapping offsets, a remote client could cause the reported length to exceed the allocated buffer size. This inflated length was then passed to provisioning handlers during execute-write processing, resulting in an out-of-bounds read and potential memory corruption. This issue has been patched in versions 5.5.3, 5.4.4, 5.3.5, 5.2.7, and 5.1.7."},{"lang":"es","value":"ESF-IDF es el Framework de Desarrollo de Internet de las Cosas (IoT) de Espressif. En las versiones 5.5.2, 5.4.3, 5.3.4, 5.2.6 y 5.1.6, se informó una vulnerabilidad de lectura fuera de límites en el manejo de BLE ATT Prepare Write del transporte de aprovisionamiento BLE (protocomm_ble). El problema puede ser activado por un cliente BLE remoto mientras el dispositivo está en modo de aprovisionamiento. El transporte acumuló fragmentos de escritura preparada en un búfer de tamaño fijo pero rastreó incorrectamente la longitud acumulativa. Al enviar solicitudes repetidas de escritura preparada con desplazamientos superpuestos, un cliente remoto podría hacer que la longitud informada excediera el tamaño del búfer asignado. Esta longitud inflada fue luego pasada a los manejadores de aprovisionamiento durante el procesamiento de ejecución de escritura, resultando en una lectura fuera de límites y potencial corrupción de memoria. Este problema ha sido parcheado en las versiones 5.5.3, 5.4.4, 5.3.5, 5.2.7 y 5.1.7."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:espressif:esp-idf:5.1.6:*:*:*:*:*:*:*","matchCriteriaId":"90D991F0-A03E-44CF-9187-75897399797A"},{"vulnerable":true,"criteria":"cpe:2.3:a:espressif:esp-idf:5.2.6:*:*:*:*:*:*:*","matchCriteriaId":"37A040C2-E9D4-4678-9A10-74B5AEE4901D"},{"vulnerable":true,"criteria":"cpe:2.3:a:espressif:esp-idf:5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"AA4D9168-C8C1-4B1A-81C3-D4888DB36CAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:espressif:esp-idf:5.4.3:*:*:*:*:*:*:*","matchCriteriaId":"7CA4F443-03D3-4B10-909E-A813F72BC08C"},{"vulnerable":true,"criteria":"cpe:2.3:a:espressif:esp-idf:5.5.2:*:*:*:*:*:*:*","matchCriteriaId":"43489143-3F90-42E6-B75F-78CBEAD09C4D"}]}]}],"references":[{"url":"https://github.com/espressif/esp-idf/commit/0540c85140c2c06c0cbecc8843277ea676d5c4a9","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/espressif/esp-idf/commit/1ff264abf2504cade46f0ce3a03f821310bcf6d7","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/espressif/esp-idf/commit/47552ff4fd824caf38215468ebd2f31fb5f36d70","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/espressif/esp-idf/commit/4c3fdcd316f780bab4ae5aa73c9626ea9fe24ac6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/espressif/esp-idf/commit/894c28afe3f2f8f31ff25b64191883517dddb5cf","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/espressif/esp-idf/commit/cde7b7362adc15638c141c249681cbe5d23de663","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/espressif/esp-idf/commit/dba9a7dc01e4dab14c77d328f6a6f46369aeee63","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/espressif/esp-idf/security/advisories/GHSA-9j5x-rf36-54x9","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}}]}