CVE Vulnerability Details :
CVE-2026-46532
PUBLISHED
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-10 Jun, 2026 | 00:35
Updated At-10 Jun, 2026 | 16:10
Rejected At-
▼CVE Numbering Authority (CNA)
ESP-IDF: Heap Out-of-Bounds Read in Bluedroid AVRCP Target Parser

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the Bluedroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c). This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1.

Affected Products
Vendor: espressif
Product: esp-idf
Versions (affected):
  • = 5.2.6
  • = 5.3.5
  • = 5.4.4
  • = 5.5.3
  • = 6.0
Problem Types
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Metrics
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
References
Hyperlink: https://github.com/espressif/esp-idf/security/advisories/GHSA-3pp8-42fh-3j3c
Resource: x_refsource_CONFIRM
Hyperlink: https://github.com/espressif/esp-idf/commit/56053c4d1f37955ccf296cf2f6dfd0f7ebd4fae6
Resource: x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/commit/60f9362f83a05942069532f357c234cd5e5d4302
Resource: x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/commit/7c004d3fe3022f5f0db98dd1b2d0648a3a9cfb3f
Resource: x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/commit/8746e5f7e762ead84d2902edec34d84cdd701b2b
Resource: x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/commit/b0959b5ab1dc60398a916c80f14b1816780c801e
Resource: x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf/commit/c53d05ae526607ca5eae9ffedaf57775eec33a4f
Resource: x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Details not found