{“lastseen”:””,”description”:”ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components\/lwip\/apps\/dhcpserver\/dhcpserver.c) shipped with ESP-IDF’s lwIP component. The parser walks the BOOTP\/DHCP options field without validating that each option’s length byte and declared payload length stay within the received packet buffer. A crafted DHCP request can cause the parser to read past the end of the options buffer into adjacent heap memory. The issue affects the DHCP server used by ESP-IDF’s SoftAP and any configuration where the device runs as a DHCP server on a local network. This issue has been patched in versions 5.2.8, 5.3.6, 5.4.5, 5.5.5, and 6.0.2.”,”published”:”2026-06-10T00:26:34.381Z”,”modified”:”2026-06-10T00:26:34.381Z”,”type”:”cve”,”title”:”ESF-IDF: Out-of-bounds Read in lwIP DHCP Server Option Parser”,”source”:”GitHub_M”,”references”:”https:\/\/github.com\/espressif\/esp-idf\/security\/advisories\/GHSA-g764-gwc3-75m5\\nhttps:\/\/github.com\/espressif\/esp-idf\/commit\/2bf4dd12002dbae60a4b21abff010ecb2b8ee82b\\nhttps:\/\/github.com\/espressif\/esp-idf\/commit\/2da2db43fd7e0bcff9e7b95f54f388296bb6f911\\nhttps:\/\/github.com\/espressif\/esp-idf\/commit\/8b4b5d5301815198d177974ffc24848f47748248\\nhttps:\/\/github.com\/espressif\/esp-idf\/commit\/9f713dbc94982d917f2d12964b233cd9efa4aeba\\nhttps:\/\/github.com\/espressif\/esp-idf\/commit\/d51b1076092487e533eadf8b48c9c8579d3a6712\\nhttps:\/\/github.com\/espressif\/esp-idf\/commit\/fba5f995436a3e3139f768b6d8f1a74d5ce1d318″,”id”:”CVE-2026-45160″,”bulletinFamily”:””,”cwe”:[“CWE-125″],”cvelist”:null,”sourceData”:”espressif esp-idf = 5.2.7\\nespressif esp-idf = 5.3.5\\nespressif esp-idf = 5.4.4\\nespressif esp-idf = 5.5.4\\nespressif esp-idf = 6.0.1″,”sourceHref”:””,”cvss”:{“score”:6.5,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”esp-idf”,”version”:”= 5.2.7″,”vendor”:”espressif”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,26,12,21,13,7,11,5],"class_list":["post-61536","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-65","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n