ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUIDs during the SDP (Service Discovery Protocol) process. On modern Bluetooth devices, it is possible for the number of available services to exceed this fixed limit (32). In such cases, if more than 32 services are discovered, subsequent writes to uuid_list could exceed the bounds of the array, resulting in a potential out-of-bounds write condition.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Sat, 27 Dec 2025 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUIDs during the SDP (Service Discovery Protocol) process. On modern Bluetooth devices, it is possible for the number of available services to exceed this fixed limit (32). In such cases, if more than 32 services are discovered, subsequent writes to uuid_list could exceed the bounds of the array, resulting in a potential out-of-bounds write condition. | |
| Title | ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling | |
| Weaknesses | CWE-787 | |
| References |
|
|
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-12-26T23:54:47.709Z
Reserved: 2025-12-18T13:52:15.491Z
Link: CVE-2025-68473
Vulnrichment
No data.
NVD
Status : Received
Published: 2025-12-27T00:15:42.323
Modified: 2025-12-27T00:15:42.323
Link: CVE-2025-68473
Redhat
No data.
OpenCVE Enrichment
No data.