CVE-2025-68473

Name of the Vulnerable Software and Affected Versions ESF-IDF versions 5.5.1 through 5.1.6 and earlier

Description ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. The Bluetooth host stack (BlueDroid) within ESP-IDF contains a flaw in the bta dm sdp result() function. This function utilizes a fixed-size array, uuid list[32][MAX UUID SIZE], to store discovered service UUIDs during the Service Discovery Protocol (SDP) process. If the number of discovered Bluetooth services exceeds 32, subsequent writes to this array can result in an out-of-bounds write condition.

Recommendations Versions prior to 5.1.6 are affected. Versions 5.1.6, 5.2.6, 5.3.4, 5.4.3, and 5.5.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.