CVE-2025-68473

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-68473

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68473.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-68473

Aliases

GHSA-hmjj-rjvv-w8pq

Published

2025-12-26T23:54:47.709Z

Modified

2026-01-29T02:51:41.146189Z

Severity

0.0 (None) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling

Details

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function btadmsdpresult() used a fixed-size array uuidlist[32][MAXUUIDSIZE] to store discovered service UUIDs during the SDP (Service Discovery Protocol) process. On modern Bluetooth devices, it is possible for the number of available services to exceed this fixed limit (32). In such cases, if more than 32 services are discovered, subsequent writes to uuid_list could exceed the bounds of the array, resulting in a potential out-of-bounds write condition.

Database specific

{
    "cwe_ids": [
        "CWE-787"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68473.json"
}

References

Affected packages

Git / github.com/espressif/esp-idf

Affected ranges

Type

GIT

Repo

https://github.com/espressif/esp-idf

Events

Introduced

19b0d6c13cc6c558eb77d714fe239db05fbed44e

Last affected

fcae32885b0296b32044cb99ecbdc50d98dddb83

Database specific

{
    "versions": [
        {
            "introduced": "5.5-beta1"
        },
        {
            "last_affected": "5.5.1"
        }
    ]
}

Type

GIT

Repo

https://github.com/espressif/esp-idf

Events

Introduced

64b9d85a766f182c571fd1f515ce127dfcdc9a46

Last affected

ea1c174c1cbb7348bd8ba0ff1eb306246938dd80

Database specific

{
    "versions": [
        {
            "introduced": "5.4-beta1"
        },
        {
            "last_affected": "5.4.3"
        }
    ]
}

Type

GIT

Repo

https://github.com/espressif/esp-idf

Events

Introduced

ea010f84ef878dda07146244e166930738c1c103

Last affected

1b459d9c4950395dec12ce19256c73f9a41e306f

Database specific

{
    "versions": [
        {
            "introduced": "5.3-beta1"
        },
        {
            "last_affected": "5.3.4"
        }
    ]
}

Type

GIT

Repo

https://github.com/espressif/esp-idf

Events

Introduced

57bbfd423a1e9533d371a5e0e1e6bcec25bae6fc

Last affected

9ef24e3e2a2c96e720d83c574a3f8699177573da

Database specific

{
    "versions": [
        {
            "introduced": "5.2-beta1"
        },
        {
            "last_affected": "5.2.6"
        }
    ]
}

Type

GIT

Repo

https://github.com/espressif/esp-idf

Events

Introduced

Last affected

7452b1cb1d22cd1b439a6a922548efacea98ee72

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.1.6"
        }
    ]
}

Affected versions

v0.*

v0.9

v1.*

v1.0

v2.*

v2.0-rc1

v2.1-rc1

v3.*

v3.0-dev

v3.1-beta1

v3.1-dev

v3.2-beta1

v3.2-dev

v3.3-beta1

v3.3-beta2

v3.3-dev

v4.*

v4.0-dev

v4.1-dev

v4.2-dev

v4.3-beta1

v4.3-dev

v4.4-dev

v5.*

v5.0-beta1

v5.0-dev

v5.1

v5.1-beta1

v5.1-dev

v5.1-rc1

v5.1-rc2

v5.1.1

v5.1.2

v5.1.3

v5.1.4

v5.1.5

v5.1.6

v5.2

v5.2-beta1

v5.2-beta2

v5.2-rc1

v5.2.1

v5.2.2

v5.2.3

v5.2.4

v5.2.5

v5.2.6

v5.3

v5.3-beta1

v5.3-beta2

v5.3-rc1

v5.3.1

v5.3.2

v5.3.3

v5.3.4

v5.4

v5.4-beta1

v5.4-beta2

v5.4-rc1

v5.4.1

v5.4.2

v5.4.3

v5.5

v5.5-beta1

v5.5.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68473.json"