CVE-2026-45542
Severity CVSS v4.0:
Pending analysis
Type:
CWE-122
Heap-based Buffer Overflow
Publication date:
10/06/2026
Last modified:
11/06/2026
Description
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component. The first-phase handler (handle_session_command0() in components/protocomm/src/security/security2.c) trusts the length of a client-supplied protobuf field for the SRP6a username and copies it into a buffer whose size is derived from a narrower destination type. The resulting truncation-versus-copy asymmetry corrupts the heap when an oversized value is supplied. This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.5, and 6.0.1.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:espressif:esp-idf:5.2.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:espressif:esp-idf:5.3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:espressif:esp-idf:5.4.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:espressif:esp-idf:5.5.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:espressif:esp-idf:6.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/espressif/esp-idf/commit/0ea58d79845ad674d0358d5de246015a68c4cb4f
- https://github.com/espressif/esp-idf/commit/56c3e385611e63162d0f2f8504ac4ae2ccfccef0
- https://github.com/espressif/esp-idf/commit/71eb2dbe6aaef830719ecac8edf409e2992b64b2
- https://github.com/espressif/esp-idf/commit/9b4cacf9cbc69379972de6a2247fcf5af9240961
- https://github.com/espressif/esp-idf/commit/a2f4554f10ba075c98cbc67464db096ba32497cf
- https://github.com/espressif/esp-idf/commit/f5d24a7e919bc5f447091479656b86da6762a103
- https://github.com/espressif/esp-idf/security/advisories/GHSA-9r76-858f-v6jh