PT-2026-6299 · Espressif · Espressif Iot Development Framework
Maxime Rossi Bellom +1 · Published 2026-02-04 · Updated 2026-02-04 · CVE-2026-25507
CVSS v3.1: 6.3 (Medium)
Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Espressif Internet of Things (IoT) Development Framework versions 5.1.6 through 5.5.2
Description
The Espressif Internet of Things (IoT) Development Framework contains a use-after-free issue in the BLE provisioning transport (protocomm_ble) layer. It occurs when provisioning is stopped with keep_ble_on set to true: internal state and GATT metadata are freed while the BLE stack and GATT services remain active. Subsequent BLE read or write callbacks can then dereference freed memory, potentially leading to invalid memory access triggered by a remote BLE client during provisioning mode.
Recommendations
Update to version 5.5.3
Update to version 5.4.4
Update to version 5.3.5
Update to version 5.2.7
Update to version 5.1.7
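The lifetime problem in the description, reduced to a small model with the guard that keeps a still-registered callback from touching freed state. This is an added illustration, not ESP-IDF source and not the vendor's patch; prov_state_t, prov_start, prov_stop and on_gatt_write are hypothetical names.

```c
/* Simplified single-threaded model of the lifetime bug. Not ESP-IDF source;
 * every name here is hypothetical. */
#include <stdio.h>
#include <stdlib.h>

#define PROV_OK          0
#define PROV_NO_SESSION (-1)

typedef struct {
    char endpoint[16];    /* stands in for GATT metadata */
    size_t bytes_written; /* stands in for internal transport state */
} prov_state_t;

static prov_state_t *g_state;     /* owned by the provisioning layer */
static int g_ble_service_active;  /* callbacks can still fire while this is 1 */

int prov_start(void)
{
    g_state = calloc(1, sizeof(*g_state));
    if (g_state == NULL) return PROV_NO_SESSION;
    snprintf(g_state->endpoint, sizeof(g_state->endpoint), "prov-session");
    g_ble_service_active = 1;
    return PROV_OK;
}

/* Stop provisioning. With keep_ble_on the service stays registered, so the
 * pointer must be cleared together with the free. */
void prov_stop(int keep_ble_on)
{
    free(g_state);
    g_state = NULL;  /* the vulnerable pattern leaves this dangling */
    if (!keep_ble_on) g_ble_service_active = 0;
}

/* Write callback, reachable by a remote client while the service is active. */
int on_gatt_write(const unsigned char *data, size_t len)
{
    prov_state_t *st = g_state;
    if (!g_ble_service_active || st == NULL || data == NULL)
        return PROV_NO_SESSION;  /* state is gone: reject without touching it */
    st->bytes_written += len;
    return PROV_OK;
}

int main(void)
{
    prov_start();
    prov_stop(1);  /* BLE kept on, provisioning state freed */
    printf("write after stop -> %d\n", on_gatt_write((const unsigned char *)"x", 1));
    return 0;
}
```

On an RTOS where the callback runs in a different task from the one calling stop, the NULL check and the free must be taken under the same lock for this guard to hold.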
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Espressif Iot Development Framework