漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ESF-IDF: Out-of-bounds Read in lwIP DHCP Server Option Parser
Vulnerability Description
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's lwIP component. The parser walks the BOOTP/DHCP options field without validating that each option's length byte and declared payload length stay within the received packet buffer. A crafted DHCP request can cause the parser to read past the end of the options buffer into adjacent heap memory. The issue affects the DHCP server used by ESP-IDF's SoftAP and any configuration where the device runs as a DHCP server on a local network. This issue has been patched in versions 5.2.8, 5.3.6, 5.4.5, 5.5.5, and 6.0.2.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
跨界内存读
Vulnerability Title
ESP-IDF 缓冲区错误漏洞
Vulnerability Description
ESP-IDF是Espressif开源的一个 Windows、Linux 和 macOS 上支持的 Espressif SoC 的开发框架。 ESP-IDF 5.2.7版本、5.3.5版本、5.4.4版本、5.5.4版本和6.0.1版本存在缓冲区错误漏洞,该漏洞源于DHCP服务器选项解析器中越界读取问题,解析器在遍历BOOTP/DHCP选项字段时未验证每个选项的长度字节和声明有效载荷长度是否在接收数据包缓冲区范围内,精心构造的DHCP请求可能导致解析器读取超出选项缓冲区末尾进入相邻堆内存。
CVSS Information
N/A
Vulnerability Type
N/A