CVE-2026-45542

HIGH

ESF-IDF: Heap buffer overflow in protocomm Security2 over Bluetooth

Title source: cna
STIX 2.1

Description

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component. The first-phase handler (handle_session_command0() in components/protocomm/src/security/security2.c) trusts the length of a client-supplied protobuf field for the SRP6a username and copies it into a buffer whose size is derived from a narrower destination type. The resulting truncation-versus-copy asymmetry corrupts the heap when an oversized value is supplied. This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.5, and 6.0.1.

References (7)

Core 7
Core References

Scores

CVSS v3 7.1
EPSS 0.0032
EPSS Percentile 24.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-122
Status published
Products (10)
espressif/esp-idf 5.2.6
espressif/esp-idf 5.3.5
espressif/esp-idf 5.4.4
espressif/esp-idf 5.5.4
espressif/esp-idf 6.0
espressif/esp-idf = 5.2.6
espressif/esp-idf = 5.3.5
espressif/esp-idf = 5.4.4
espressif/esp-idf = 5.5.4
espressif/esp-idf = 6.0
Published Jun 10, 2026
Tracked Since Jun 10, 2026