ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's lwIP component. The parser walks the BOOTP/DHCP options field without validating that each option's length byte and declared payload length stay within the received packet buffer. A crafted DHCP request can cause the parser to read past the end of the options buffer into adjacent heap memory. The issue affects the DHCP server used by ESP-IDF's SoftAP and any configuration where the device runs as a DHCP server on a local network. This issue has been patched in versions 5.2.8, 5.3.6, 5.4.5, 5.5.5, and 6.0.2.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45160.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-125"
]
}{
"source": [
"CPE_STRING",
"REFERENCES"
],
"cpe": [
"cpe:2.3:a:espressif:esp-idf:5.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:espressif:esp-idf:5.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:espressif:esp-idf:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:espressif:esp-idf:5.5.4:*:*:*:*:*:*:*",
"cpe:2.3:a:espressif:esp-idf:6.0.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "5.2.7"
},
{
"last_affected": "5.2.7"
},
{
"introduced": "5.3.5"
},
{
"last_affected": "5.3.5"
},
{
"introduced": "5.4.4"
},
{
"last_affected": "5.4.4"
},
{
"introduced": "5.5.4"
},
{
"last_affected": "5.5.4"
},
{
"introduced": "6.0.1"
},
{
"last_affected": "6.0.1"
}
]
}