Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-45160
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-10 Jun, 2026 | 00:26
Updated At-10 Jun, 2026 | 15:10
Rejected At-
▼CVE Numbering Authority (CNA)
ESF-IDF: Out-of-bounds Read in lwIP DHCP Server Option Parser

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's lwIP component. The parser walks the BOOTP/DHCP options field without validating that each option's length byte and declared payload length stay within the received packet buffer. A crafted DHCP request can cause the parser to read past the end of the options buffer into adjacent heap memory. The issue affects the DHCP server used by ESP-IDF's SoftAP and any configuration where the device runs as a DHCP server on a local network. This issue has been patched in versions 5.2.8, 5.3.6, 5.4.5, 5.5.5, and 6.0.2.

Affected Products
Vendor
espressif
Product
esp-idf
Versions
Affected
  • = 5.2.7
  • = 5.3.5
  • = 5.4.4
  • = 5.5.4
  • = 6.0.1
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/espressif/esp-idf/security/advisories/GHSA-g764-gwc3-75m5
x_refsource_CONFIRM
https://github.com/espressif/esp-idf/commit/2bf4dd12002dbae60a4b21abff010ecb2b8ee82b
x_refsource_MISC
https://github.com/espressif/esp-idf/commit/2da2db43fd7e0bcff9e7b95f54f388296bb6f911
x_refsource_MISC
https://github.com/espressif/esp-idf/commit/8b4b5d5301815198d177974ffc24848f47748248
x_refsource_MISC
https://github.com/espressif/esp-idf/commit/9f713dbc94982d917f2d12964b233cd9efa4aeba
x_refsource_MISC
https://github.com/espressif/esp-idf/commit/d51b1076092487e533eadf8b48c9c8579d3a6712
x_refsource_MISC
https://github.com/espressif/esp-idf/commit/fba5f995436a3e3139f768b6d8f1a74d5ce1d318
x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/security/advisories/GHSA-g764-gwc3-75m5
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/espressif/esp-idf/commit/2bf4dd12002dbae60a4b21abff010ecb2b8ee82b
Resource:
x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/commit/2da2db43fd7e0bcff9e7b95f54f388296bb6f911
Resource:
x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/commit/8b4b5d5301815198d177974ffc24848f47748248
Resource:
x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/commit/9f713dbc94982d917f2d12964b233cd9efa4aeba
Resource:
x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/commit/d51b1076092487e533eadf8b48c9c8579d3a6712
Resource:
x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/commit/fba5f995436a3e3139f768b6d8f1a74d5ce1d318
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found