{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93058?format=json","vulnerability_id":"VCID-uvsf-xeyf-ukhx","summary":"ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUIDs during the SDP (Service Discovery Protocol) process. On modern Bluetooth devices, it is possible for the number of available services to exceed this fixed limit (32). In such cases, if more than 32 services are discovered, subsequent writes to uuid_list could exceed the bounds of the array, resulting in a potential out-of-bounds write condition.","aliases":[{"alias":"CVE-2025-68473"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68473","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1125","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11277","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1131","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11319","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68473"},{"reference_url":"https://github.com/espressif/esp-idf/commit/3286e45349b0b5c2b1422ef7e8d088b95eef895d","reference_id":"3286e45349b0b5c2b1422ef7e8d088b95eef895d","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:44:09Z/"}],"url":"https://github.com/espressif/esp-idf/commit/3286e45349b0b5c2b1422ef7e8d088b95eef895d"},{"reference_url":"https://github.com/espressif/esp-idf/commit/4d928f2265c394d2abc85024228e920a5b26bcab","reference_id":"4d928f2265c394d2abc85024228e920a5b26bcab","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:44:09Z/"}],"url":"https://github.com/espressif/esp-idf/commit/4d928f2265c394d2abc85024228e920a5b26bcab"},{"reference_url":"https://github.com/espressif/esp-idf/commit/5b3185168dae83d42aa0852689422fffd931f16c","reference_id":"5b3185168dae83d42aa0852689422fffd931f16c","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:44:09Z/"}],"url":"https://github.com/espressif/esp-idf/commit/5b3185168dae83d42aa0852689422fffd931f16c"},{"reference_url":"https://github.com/espressif/esp-idf/commit/6453f57a954458ad8ffd6e4bf2d9e76b73fac0f1","reference_id":"6453f57a954458ad8ffd6e4bf2d9e76b73fac0f1","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:44:09Z/"}],"url":"https://github.com/espressif/esp-idf/commit/6453f57a954458ad8ffd6e4bf2d9e76b73fac0f1"},{"reference_url":"https://github.com/espressif/esp-idf/commit/6ca6f422dafaffcb88fa56cc458ce92d96be3b2e","reference_id":"6ca6f422dafaffcb88fa56cc458ce92d96be3b2e","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:44:09Z/"}],"url":"https://github.com/espressif/esp-idf/commit/6ca6f422dafaffcb88fa56cc458ce92d96be3b2e"},{"reference_url":"https://github.com/espressif/esp-idf/commit/9889edd799cf369e082df9d01adba961d64693ed","reference_id":"9889edd799cf369e082df9d01adba961d64693ed","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:44:09Z/"}],"url":"https://github.com/espressif/esp-idf/commit/9889edd799cf369e082df9d01adba961d64693ed"},{"reference_url":"https://github.com/espressif/esp-idf/commit/ecb86d353640cf1375bf97db32e702ba59c551b6","reference_id":"ecb86d353640cf1375bf97db32e702ba59c551b6","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:44:09Z/"}],"url":"https://github.com/espressif/esp-idf/commit/ecb86d353640cf1375bf97db32e702ba59c551b6"},{"reference_url":"https://github.com/espressif/esp-idf/security/advisories/GHSA-hmjj-rjvv-w8pq","reference_id":"GHSA-hmjj-rjvv-w8pq","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:44:09Z/"}],"url":"https://github.com/espressif/esp-idf/security/advisories/GHSA-hmjj-rjvv-w8pq"}],"weaknesses":[{"cwe_id":787,"name":"Out-of-bounds Write","description":"The product writes data past the end, or before the beginning, of the intended buffer."}],"exploits":[],"severity_range_score":"0.0 - 0.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uvsf-xeyf-ukhx"}