Espressif · Espressif IoT Development Framework · CVE-2026-25507
**Name of the Vulnerable Software and Affected Versions**
Espressif Internet of Things (IoT) Development Framework versions 5.1.6 through 5.5.2
**Description**
The Espressif Internet of Things (IoT) Development Framework contains a use-after-free issue in the BLE provisioning transport (protocomm ble) layer. It occurs when provisioning is stopped with the `keep_ble_on` option set to true: the transport frees its internal state and GATT metadata while the BLE stack and the GATT services that reference that state remain active. A subsequent BLE read or write callback can then dereference the freed memory, so a remote BLE client communicating with a device still in provisioning mode can potentially trigger an invalid memory access.
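The description above amounts to a teardown-ordering bug: transport state is released while the GATT layer still holds a pointer to it and the stack still delivers callbacks. The following C model is an added example, not ESP-IDF code, that reconstructs that ordering and its fix in miniature. The `gatt_char_t` table, the `transport_stop_vulnerable`/`transport_stop_fixed` functions, the `keep_ble_on` parameter and the `scenario_*` helpers are all constructed for the demonstration and do not correspond to the framework's actual internals.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model (not ESP-IDF): a GATT characteristic table whose entries
 * carry a handler plus an opaque context pointer owned by the transport. */
#define MAX_CHARS 4

typedef int (*attr_handler_t)(void *ctx, const uint8_t *in, size_t in_len,
                              uint8_t *out, size_t *out_len);

typedef struct {
    bool in_use;
    attr_handler_t handler;
    void *ctx; /* transport state; must be detached before that state is freed */
} gatt_char_t;

static gatt_char_t g_gatt_table[MAX_CHARS];
static bool g_ble_stack_on; /* true while the stack still delivers callbacks */

/* Transport-private state: the memory released when provisioning stops. */
typedef struct {
    char name[32];
    uint8_t last_req[64];
    size_t last_req_len;
} transport_state_t;

/* Handler the modelled stack invokes on a client write; it touches ctx. */
static int prov_handler(void *ctx, const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t *out_len) {
    transport_state_t *st = ctx;
    if (in_len > sizeof st->last_req) in_len = sizeof st->last_req;
    memcpy(st->last_req, in, in_len);
    st->last_req_len = in_len;
    memcpy(out, in, in_len); /* echo the request back for the demo */
    *out_len = in_len;
    return 0;
}

static transport_state_t *transport_start(const char *name) {
    transport_state_t *st = calloc(1, sizeof *st);
    if (!st) return NULL;
    snprintf(st->name, sizeof st->name, "%s", name);
    g_ble_stack_on = true;
    g_gatt_table[0].in_use = true;
    g_gatt_table[0].handler = prov_handler;
    g_gatt_table[0].ctx = st;
    return st;
}

/* Vulnerable ordering: with keep_ble_on the state is freed while the table
 * entry and the live stack still reference it; the next write is a UAF. */
static void transport_stop_vulnerable(transport_state_t *st, bool keep_ble_on) {
    if (!keep_ble_on) {
        memset(g_gatt_table, 0, sizeof g_gatt_table);
        g_ble_stack_on = false;
    }
    free(st);
}

/* Hardened ordering: detach handlers unconditionally before freeing, so a
 * write after stop fails cleanly instead of dereferencing freed memory. */
static void transport_stop_fixed(transport_state_t *st, bool keep_ble_on) {
    memset(g_gatt_table, 0, sizeof g_gatt_table); /* no entry may outlive st */
    if (!keep_ble_on) g_ble_stack_on = false;
    free(st);
}

/* Entries still attached after a stop: any nonzero count is a dangling reference. */
static int dangling_handlers(void) {
    int n = 0;
    for (int i = 0; i < MAX_CHARS; i++)
        if (g_gatt_table[i].in_use && g_gatt_table[i].handler) n++;
    return n;
}

/* What the stack does on a client write: -2 if the stack is off, -1 if the
 * characteristic has no handler attached, else the handler's result. */
static int gatt_dispatch_write(int idx, const uint8_t *in, size_t in_len,
                               uint8_t *out, size_t *out_len) {
    if (!g_ble_stack_on) return -2;
    gatt_char_t *c = &g_gatt_table[idx];
    if (!c->in_use || !c->handler) return -1;
    return c->handler(c->ctx, in, in_len, out, out_len);
}

int scenario_running(void) { /* normal operation: echo length, 5 */
    uint8_t out[64]; size_t out_len = 0;
    transport_state_t *st = transport_start("PROV_demo");
    int rc = gatt_dispatch_write(0, (const uint8_t *)"hello", 5, out, &out_len);
    transport_stop_fixed(st, false);
    return rc == 0 ? (int)out_len : rc;
}

int scenario_vulnerable_keep_on(void) { /* 1: entry still points at freed st */
    transport_state_t *st = transport_start("PROV_demo");
    transport_stop_vulnerable(st, true);
    int n = dangling_handlers(); /* dispatching here would be the use-after-free */
    memset(g_gatt_table, 0, sizeof g_gatt_table); /* reset for other scenarios */
    g_ble_stack_on = false;
    return n;
}

int scenario_fixed(bool keep_ble_on) { /* -1 with keep_ble_on, -2 without */
    uint8_t out[64]; size_t out_len = 0;
    transport_state_t *st = transport_start("PROV_demo");
    transport_stop_fixed(st, keep_ble_on);
    int rc = gatt_dispatch_write(0, (const uint8_t *)"hello", 5, out, &out_len);
    g_ble_stack_on = false;
    return rc;
}

int main(void) {
    printf("running: %d\n", scenario_running());
    printf("vulnerable stop, dangling handlers: %d\n", scenario_vulnerable_keep_on());
    printf("fixed stop keep_ble_on=1: %d\n", scenario_fixed(true));
    printf("fixed stop keep_ble_on=0: %d\n", scenario_fixed(false));
    return 0;
}
```

The point of the model is the invariant the fix restores: nothing reachable from a live callback path may outlive the object it points to, regardless of whether the stack itself stays up. `dangling_handlers()` is the kind of check a reviewer or test can apply to any teardown routine that has a "keep the lower layer running" option.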
**Recommendations**
Update to version 5.5.3
Update to version 5.4.4
Update to version 5.3.5
Update to version 5.2.7
Update to version 5.1.7