CVE-2025-68474 (CNNVD-202512-4856)

MEDIUM
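Chinese title:
Espressif IoT Development Framework buffer error vulnerability
English title:
ESP-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling
CVSS score: 6.1
Published: 2025-12-26 23:57:54
Vulnerability type: Buffer error
Status: PUBLISHED
Data quality score: 0.40
Data version: v3
Vulnerability description
Chinese description: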

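Espressif IoT Development Framework is an open-source Internet of Things development framework from Espressif Systems. Espressif IoT Development Framework versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6 and earlier contain a buffer error vulnerability. It stems from insufficient buffer size validation in the AVRCP stack, which may lead to an out-of-bounds write and memory corruption.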

English description:

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg() function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRC_MIN_CMD_LEN (20 bytes). However, the actual fixed header data written before the vendor payload exceeds this value: a total of 29 bytes is written before p_msg->p_vendor_data is copied. Using the old AVRC_MIN_CMD_LEN could allow an out-of-bounds write if vendor_len approaches the buffer limit. For commands where vendor_len is large, the original buffer allocation may be insufficient, causing writes beyond the allocated memory. This can lead to memory corruption, crashes, or other undefined behavior. The overflow could be larger when assertions are disabled.

CWE type:
CWE-787
Tags:
(No data)
Affected products
Vendor | Product | Version | Version range | Platform | CPE
espressif | esp-idf | >= 5.5-beta1, <= 5.5.1 | - | - | cpe:2.3:a:espressif:esp-idf:>=_5.5-beta1,_<=_5.5.1:*:*:*:*:*:*:*
espressif | esp-idf | >= 5.4-beta1, <= 5.4.3 | - | - | cpe:2.3:a:espressif:esp-idf:>=_5.4-beta1,_<=_5.4.3:*:*:*:*:*:*:*
espressif | esp-idf | >= 5.3-beta1, <= 5.3.4 | - | - | cpe:2.3:a:espressif:esp-idf:>=_5.3-beta1,_<=_5.3.4:*:*:*:*:*:*:*
espressif | esp-idf | >= 5.2-beta1, <= 5.2.6 | - | - | cpe:2.3:a:espressif:esp-idf:>=_5.2-beta1,_<=_5.2.6:*:*:*:*:*:*:*
espressif | esp-idf | <= 5.1.6 | - | - | cpe:2.3:a:espressif:esp-idf:<=_5.1.6:*:*:*:*:*:*:*
Solution
Chinese solution:
(No data)
English solution:
(No data)
Temporary workaround:
(No data)
Reference links (source: cve.org)
https://github.com/espressif/esp-idf/security/advisories/GHSA-43gh-7r4f-qp57 x_refsource_CONFIRM
https://github.com/espressif/esp-idf/commit/0b0b59f2e19cb99dfa1b28c284d1c5c1d276a132 x_refsource_MISC
https://github.com/espressif/esp-idf/commit/565fa98d0cfd58102204c1cb636747e17ee59845 x_refsource_MISC
https://github.com/espressif/esp-idf/commit/8262ee807d5cd425f66304f703eeb3382fb888c0 x_refsource_MISC
https://github.com/espressif/esp-idf/commit/a6c1bc5e3e91ad1cb964ce2c178ee40a5d10a4a0 x_refsource_MISC
https://github.com/espressif/esp-idf/commit/aa0e3d75db995b7137b55349fc92ee684b47092d x_refsource_MISC
https://github.com/espressif/esp-idf/commit/b9ba1e29b65536ab4b670ac099585d09adce0376 x_refsource_MISC
CVSS score details
4.0 (cna)
MEDIUM
6.1
CVSS vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L
Confidentiality: LOW
Integrity: LOW
Availability: HIGH
Subsequent system impact:
Confidentiality: LOW
Integrity: LOW
Availability: LOW
Time information
Published: 2025-12-26 23:57:54
Modified: 2025-12-29 16:51:36
Created: 2026-01-12 02:12:30
Updated: 2026-01-20 03:10:44
Exploit information
No exploit code information available
Data source details
Data source | Record ID | Version | Extraction time
CVE | cve_CVE-2025-68474 | 2025-12-30 04:11:40 | 2026-01-12 02:12:30
NVD | nvd_CVE-2025-68474 | 2025-12-30 04:12:19 | 2026-01-12 02:28:14
CNNVD | cnnvd_CNNVD-202512-4856 | 2026-01-11 06:15:03 | 2026-01-12 02:38:08
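Version and language
Current version: v3
Primary language: EN
Supported languages: ZH EN
Security advisories
No security advisory information available
Change history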
v3 CNNVD
2026-01-12 02:38:08
  • vulnerability_type: not extracted -> Buffer error
  • cnnvd_id: not extracted -> CNNVD-202512-4856
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2026-01-12 02:28:14
  • data_sources: ['cve'] -> ['cve', 'nvd']