Description
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c). This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1.
Published: 2026-06-10
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds read has been identified in the Bluetooth AVRCP vendor‑command parser of the Espressif Internet of Things Development Framework. The vulnerability can cause the parser to read data beyond the allocated heap buffer, potentially exposing internal and sensitive information. The flaw does not provide code execution or direct denial of service, but it can be used to leak confidential data that resides in memory at the time of the malformed command.

Affected Systems

The affected product is Espressif ESP‑IDF, its IoT development framework. Versions susceptible to the issue include 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0. The security fix is available in 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1.

Risk and Exploitability

The CVSS score of 4.6 indicates a moderate level of risk. No exploit probability score is currently available, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attacker must interact with the device’s Bluetooth stack, specifically targeting the AVRCP vendor command interface, to craft a malicious packet that triggers the read. The attack could occur locally via Bluetooth proximity or over a network if the device is exposed to an untrusted remote connection.

Generated by OpenCVE AI on June 10, 2026 at 02:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ESP‑IDF to a patched version (5.2.7, 5.3.6, 5.4.5, 5.5.4 or 6.0.1).
  • Rebuild and redeploy firmware on all affected devices to apply the fix.
  • If upgrade is not immediately possible, disable AVRCP vendor command handling or block Bluetooth connections from untrusted devices to mitigate exposure.

Generated by OpenCVE AI on June 10, 2026 at 02:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:espressif:esp-idf:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:espressif:esp-idf:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:espressif:esp-idf:5.4.4:*:*:*:*:*:*:*
cpe:2.3:a:espressif:esp-idf:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:espressif:esp-idf:6.0:*:*:*:*:*:*:*

Wed, 10 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
First Time appeared Espressif
Espressif esp-idf
Vendors & Products Espressif
Espressif esp-idf

Wed, 10 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Description ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c). This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1.
Title ESF-IDF: Heap Out-of-Bounds Read in Bluedroid AVRCP Target Parser
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L'}

Subscriptions

Espressif Esp-idf
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-10T16:10:31.318Z

Reserved: 2026-05-14T19:12:32.756Z

Link: CVE-2026-46532

cve-icon Vulnrichment

Updated: 2026-06-10T16:10:26.535Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-10T02:16:33.287

Modified: 2026-06-11T17:36:20.577

Link: CVE-2026-46532

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T03:15:20Z

Weaknesses