CVE-2026-45160
ESF-IDF: Out-of-bounds Read in lwIP DHCP Server Option Parser
Description
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's lwIP component. The parser walks the BOOTP/DHCP options field without validating that each option's length byte and declared payload length stay within the received packet buffer. A crafted DHCP request can cause the parser to read past the end of the options buffer into adjacent heap memory. The issue affects the DHCP server used by ESP-IDF's SoftAP and any configuration where the device runs as a DHCP server on a local network. This issue has been patched in versions 5.2.8, 5.3.6, 5.4.5, 5.5.5, and 6.0.2.
INFO
Published Date :
June 10, 2026, 2:16 a.m.
Last Modified :
June 10, 2026, 2:16 a.m.
Remotely Exploit :
No
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | MEDIUM | [email protected] |
Solution
- Update to ESP-IDF version 5.2.8 or later.
- Update to ESP-IDF version 5.3.6 or later.
- Update to ESP-IDF version 5.4.5 or later.
- Update to ESP-IDF version 5.5.5 or later.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-45160.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-45160 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-45160
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-45160 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-45160 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by [email protected]
Jun. 10, 2026
Action Type Old Value New Value Added Description ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's lwIP component. The parser walks the BOOTP/DHCP options field without validating that each option's length byte and declared payload length stay within the received packet buffer. A crafted DHCP request can cause the parser to read past the end of the options buffer into adjacent heap memory. The issue affects the DHCP server used by ESP-IDF's SoftAP and any configuration where the device runs as a DHCP server on a local network. This issue has been patched in versions 5.2.8, 5.3.6, 5.4.5, 5.5.5, and 6.0.2. Added CVSS V3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Added CWE CWE-125 Added Reference https://github.com/espressif/esp-idf/commit/2bf4dd12002dbae60a4b21abff010ecb2b8ee82b Added Reference https://github.com/espressif/esp-idf/commit/2da2db43fd7e0bcff9e7b95f54f388296bb6f911 Added Reference https://github.com/espressif/esp-idf/commit/8b4b5d5301815198d177974ffc24848f47748248 Added Reference https://github.com/espressif/esp-idf/commit/9f713dbc94982d917f2d12964b233cd9efa4aeba Added Reference https://github.com/espressif/esp-idf/commit/d51b1076092487e533eadf8b48c9c8579d3a6712 Added Reference https://github.com/espressif/esp-idf/commit/fba5f995436a3e3139f768b6d8f1a74d5ce1d318 Added Reference https://github.com/espressif/esp-idf/security/advisories/GHSA-g764-gwc3-75m5