<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://db.gcve.eu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 21:18:23 +0000</lastBuildDate>
    <item>
      <title>00d5308c-6cc9-45e3-852b-ac83b4c6457c</title>
      <link>https://db.gcve.eu/sighting/00d5308c-6cc9-45e3-852b-ac83b4c6457c/export</link>
      <description>{"uuid": "00d5308c-6cc9-45e3-852b-ac83b4c6457c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52472", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m6ztoxqqgt2b", "content": "", "creation_timestamp": "2025-12-02T21:02:37.888645Z"}</description>
      <content:encoded>{"uuid": "00d5308c-6cc9-45e3-852b-ac83b4c6457c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52472", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m6ztoxqqgt2b", "content": "", "creation_timestamp": "2025-12-02T21:02:37.888645Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/00d5308c-6cc9-45e3-852b-ac83b4c6457c/export</guid>
      <pubDate>Tue, 02 Dec 2025 21:02:37 +0000</pubDate>
    </item>
    <item>
      <title>1ab836ef-f976-40bc-b9d1-759261d0b198</title>
      <link>https://db.gcve.eu/sighting/1ab836ef-f976-40bc-b9d1-759261d0b198/export</link>
      <description>{"uuid": "1ab836ef-f976-40bc-b9d1-759261d0b198", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52472", "type": "seen", "source": "https://mastodon.social/users/leakix/statuses/115643252882270642", "content": "", "creation_timestamp": "2025-12-01T08:00:05.358543Z"}</description>
      <content:encoded>{"uuid": "1ab836ef-f976-40bc-b9d1-759261d0b198", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52472", "type": "seen", "source": "https://mastodon.social/users/leakix/statuses/115643252882270642", "content": "", "creation_timestamp": "2025-12-01T08:00:05.358543Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/1ab836ef-f976-40bc-b9d1-759261d0b198/export</guid>
      <pubDate>Mon, 01 Dec 2025 08:00:05 +0000</pubDate>
    </item>
    <item>
      <title>384c0421-6089-4012-940f-f7fb7c82a975</title>
      <link>https://db.gcve.eu/sighting/384c0421-6089-4012-940f-f7fb7c82a975/export</link>
      <description>{"uuid": "384c0421-6089-4012-940f-f7fb7c82a975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52472", "type": "published-proof-of-concept", "source": "https://t.me/realcodeb0ss/142", "content": "", "creation_timestamp": "2025-11-04T18:36:49.000000Z"}</description>
      <content:encoded>{"uuid": "384c0421-6089-4012-940f-f7fb7c82a975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52472", "type": "published-proof-of-concept", "source": "https://t.me/realcodeb0ss/142", "content": "", "creation_timestamp": "2025-11-04T18:36:49.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/384c0421-6089-4012-940f-f7fb7c82a975/export</guid>
      <pubDate>Tue, 04 Nov 2025 18:36:49 +0000</pubDate>
    </item>
    <item>
      <title>9ba11cc4-f9ac-4675-bc73-290645eaffe6</title>
      <link>https://db.gcve.eu/sighting/9ba11cc4-f9ac-4675-bc73-290645eaffe6/export</link>
      <description>{"uuid": "9ba11cc4-f9ac-4675-bc73-290645eaffe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52472", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m4qw67lswh26", "content": "", "creation_timestamp": "2025-11-03T21:02:29.313051Z"}</description>
      <content:encoded>{"uuid": "9ba11cc4-f9ac-4675-bc73-290645eaffe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52472", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m4qw67lswh26", "content": "", "creation_timestamp": "2025-11-03T21:02:29.313051Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/9ba11cc4-f9ac-4675-bc73-290645eaffe6/export</guid>
      <pubDate>Mon, 03 Nov 2025 21:02:29 +0000</pubDate>
    </item>
    <item>
      <title>1ace32ba-eda4-4441-b8d0-ef02d96b6311</title>
      <link>https://db.gcve.eu/sighting/1ace32ba-eda4-4441-b8d0-ef02d96b6311/export</link>
      <description>{"uuid": "1ace32ba-eda4-4441-b8d0-ef02d96b6311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52472", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-52472.yaml", "content": "", "creation_timestamp": "2025-11-03T04:08:11.000000Z"}</description>
      <content:encoded>{"uuid": "1ace32ba-eda4-4441-b8d0-ef02d96b6311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52472", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-52472.yaml", "content": "", "creation_timestamp": "2025-11-03T04:08:11.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/1ace32ba-eda4-4441-b8d0-ef02d96b6311/export</guid>
      <pubDate>Mon, 03 Nov 2025 04:08:11 +0000</pubDate>
    </item>
    <item>
      <title>70b071c5-51fa-4719-9388-1c69a2f1531e</title>
      <link>https://db.gcve.eu/sighting/70b071c5-51fa-4719-9388-1c69a2f1531e/export</link>
      <description>{"uuid": "70b071c5-51fa-4719-9388-1c69a2f1531e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52477", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsjyn57xeb2o", "content": "", "creation_timestamp": "2025-06-26T20:46:01.527319Z"}</description>
      <content:encoded>{"uuid": "70b071c5-51fa-4719-9388-1c69a2f1531e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52477", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsjyn57xeb2o", "content": "", "creation_timestamp": "2025-06-26T20:46:01.527319Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/70b071c5-51fa-4719-9388-1c69a2f1531e/export</guid>
      <pubDate>Thu, 26 Jun 2025 20:46:01 +0000</pubDate>
    </item>
    <item>
      <title>82d718d7-62d3-47c8-a7b4-89c142facd2f</title>
      <link>https://db.gcve.eu/sighting/82d718d7-62d3-47c8-a7b4-89c142facd2f/export</link>
      <description>{"uuid": "82d718d7-62d3-47c8-a7b4-89c142facd2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52477", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19645", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52477\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error logs with sensitive information. Upgrade to v0.5.3 to resolve this issue. This version includes patch sets to sanitize input and redact logging.\n\ud83d\udccf Published: 2025-06-26T16:46:09.380Z\n\ud83d\udccf Modified: 2025-06-26T16:46:09.380Z\n\ud83d\udd17 References:\n1. https://github.com/octo-sts/app/security/advisories/GHSA-h3qp-hwvr-9xcq\n2. https://github.com/octo-sts/app/security/advisories/GHSA-h3qp-hwvr-9xcq\n3. https://github.com/octo-sts/app/commit/0f177fde54f9318e33f0bba6abaea9463a7c3afd\n4. https://github.com/octo-sts/app/commit/b3976e39bd8c8c217c0670747d34a4499043da92", "creation_timestamp": "2025-06-26T17:51:01.000000Z"}</description>
      <content:encoded>{"uuid": "82d718d7-62d3-47c8-a7b4-89c142facd2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52477", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19645", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52477\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error logs with sensitive information. Upgrade to v0.5.3 to resolve this issue. This version includes patch sets to sanitize input and redact logging.\n\ud83d\udccf Published: 2025-06-26T16:46:09.380Z\n\ud83d\udccf Modified: 2025-06-26T16:46:09.380Z\n\ud83d\udd17 References:\n1. https://github.com/octo-sts/app/security/advisories/GHSA-h3qp-hwvr-9xcq\n2. https://github.com/octo-sts/app/security/advisories/GHSA-h3qp-hwvr-9xcq\n3. https://github.com/octo-sts/app/commit/0f177fde54f9318e33f0bba6abaea9463a7c3afd\n4. https://github.com/octo-sts/app/commit/b3976e39bd8c8c217c0670747d34a4499043da92", "creation_timestamp": "2025-06-26T17:51:01.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/82d718d7-62d3-47c8-a7b4-89c142facd2f/export</guid>
      <pubDate>Thu, 26 Jun 2025 17:51:01 +0000</pubDate>
    </item>
    <item>
      <title>f0c34d7f-8ae2-46a2-bda2-e19a57a4848a</title>
      <link>https://db.gcve.eu/sighting/f0c34d7f-8ae2-46a2-bda2-e19a57a4848a/export</link>
      <description>{"uuid": "f0c34d7f-8ae2-46a2-bda2-e19a57a4848a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52479", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19486", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52479\n\ud83d\udd25 CVSS Score: 7.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allows the construction of URIs containing CR/LF characters. If user input was not otherwise escaped or protected, this can lead to a CRLF injection attack. Users of HTTP.jl should upgrade immediately to HTTP.jl v1.10.17, and users of URIs.jl should upgrade immediately to URIs.jl v1.6.0. The check for valid URIs is now in the URI.jl package, and the latest version of HTTP.jl incorporates that fix. As a workaround, manually validate any URIs before passing them on to functions in this package.\n\ud83d\udccf Published: 2025-06-25T16:06:45.402Z\n\ud83d\udccf Modified: 2025-06-25T16:06:45.402Z\n\ud83d\udd17 References:\n1. https://github.com/JuliaWeb/HTTP.jl/security/advisories/GHSA-4g68-4pxg-mw93\n2. https://github.com/JuliaWeb/URIs.jl/pull/66", "creation_timestamp": "2025-06-25T16:47:44.000000Z"}</description>
      <content:encoded>{"uuid": "f0c34d7f-8ae2-46a2-bda2-e19a57a4848a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52479", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19486", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52479\n\ud83d\udd25 CVSS Score: 7.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allows the construction of URIs containing CR/LF characters. If user input was not otherwise escaped or protected, this can lead to a CRLF injection attack. Users of HTTP.jl should upgrade immediately to HTTP.jl v1.10.17, and users of URIs.jl should upgrade immediately to URIs.jl v1.6.0. The check for valid URIs is now in the URI.jl package, and the latest version of HTTP.jl incorporates that fix. As a workaround, manually validate any URIs before passing them on to functions in this package.\n\ud83d\udccf Published: 2025-06-25T16:06:45.402Z\n\ud83d\udccf Modified: 2025-06-25T16:06:45.402Z\n\ud83d\udd17 References:\n1. https://github.com/JuliaWeb/HTTP.jl/security/advisories/GHSA-4g68-4pxg-mw93\n2. https://github.com/JuliaWeb/URIs.jl/pull/66", "creation_timestamp": "2025-06-25T16:47:44.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/f0c34d7f-8ae2-46a2-bda2-e19a57a4848a/export</guid>
      <pubDate>Wed, 25 Jun 2025 16:47:44 +0000</pubDate>
    </item>
    <item>
      <title>bcfa788e-f302-4583-ab4a-aa0dff919069</title>
      <link>https://db.gcve.eu/sighting/bcfa788e-f302-4583-ab4a-aa0dff919069/export</link>
      <description>{"uuid": "bcfa788e-f302-4583-ab4a-aa0dff919069", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52471", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsfgyxmup22a", "content": "", "creation_timestamp": "2025-06-25T01:19:51.831630Z"}</description>
      <content:encoded>{"uuid": "bcfa788e-f302-4583-ab4a-aa0dff919069", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52471", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsfgyxmup22a", "content": "", "creation_timestamp": "2025-06-25T01:19:51.831630Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/bcfa788e-f302-4583-ab4a-aa0dff919069/export</guid>
      <pubDate>Wed, 25 Jun 2025 01:19:51 +0000</pubDate>
    </item>
    <item>
      <title>56ee1ec8-d172-4e36-9952-4574995ec83f</title>
      <link>https://db.gcve.eu/sighting/56ee1ec8-d172-4e36-9952-4574995ec83f/export</link>
      <description>{"uuid": "56ee1ec8-d172-4e36-9952-4574995ec83f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52471", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19404", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52471\n\ud83d\udd25 CVSS Score: 7.2 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficient validation of user-supplied data length in the packet receive function. Under certain conditions, this may lead to out-of-bounds memory access and may allow arbitrary memory write operations. On systems without a memory protection scheme, this behavior could potentially be used to achieve remote code execution (RCE) on the target device. In versions 5.4.2, 5.3.4, 5.2.6, and 5.1.6, ESP-NOW has added more comprehensive validation logic on user-supplied data length during packet reception to prevent integer underflow caused by negative value calculations. For ESP-IDF v5.3 and earlier, a workaround can be applied by validating that the `data_len` parameter received in the RX callback (registered via `esp_now_register_recv_cb()`) is a positive value before further processing. For ESP-IDF v5.4 and later, no application-level workaround is available. Users are advised to upgrade to a patched version of ESP-IDF to take advantage of the built-in mitigation.\n\ud83d\udccf Published: 2025-06-24T19:53:06.066Z\n\ud83d\udccf Modified: 2025-06-24T20:02:18.529Z\n\ud83d\udd17 References:\n1. https://github.com/espressif/esp-idf/security/advisories/GHSA-hqhh-cp47-fv5g\n2. https://github.com/espressif/esp-idf/commit/b1a379d57430d265a53aca13d59ddfbf2e7ac409\n3. https://github.com/espressif/esp-idf/commit/c5fc81917805f99e687c81cc56b68dc5df7ef8b5\n4. https://github.com/espressif/esp-idf/commit/d4dafbdc3572387cd4f9a62b776580bc4ac3bde7\n5. https://github.com/espressif/esp-idf/commit/d6ec5a52255b17c1d6ef379e89f9de2c379042f8\n6. https://github.com/espressif/esp-idf/commit/df7757d8279871fa7a2f42ef3962c6c1ec88b8a2\n7. https://github.com/espressif/esp-idf/commit/edc227c5eaeced999b5212943a9434379f8aad80", "creation_timestamp": "2025-06-24T20:48:01.000000Z"}</description>
      <content:encoded>{"uuid": "56ee1ec8-d172-4e36-9952-4574995ec83f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52471", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19404", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52471\n\ud83d\udd25 CVSS Score: 7.2 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficient validation of user-supplied data length in the packet receive function. Under certain conditions, this may lead to out-of-bounds memory access and may allow arbitrary memory write operations. On systems without a memory protection scheme, this behavior could potentially be used to achieve remote code execution (RCE) on the target device. In versions 5.4.2, 5.3.4, 5.2.6, and 5.1.6, ESP-NOW has added more comprehensive validation logic on user-supplied data length during packet reception to prevent integer underflow caused by negative value calculations. For ESP-IDF v5.3 and earlier, a workaround can be applied by validating that the `data_len` parameter received in the RX callback (registered via `esp_now_register_recv_cb()`) is a positive value before further processing. For ESP-IDF v5.4 and later, no application-level workaround is available. Users are advised to upgrade to a patched version of ESP-IDF to take advantage of the built-in mitigation.\n\ud83d\udccf Published: 2025-06-24T19:53:06.066Z\n\ud83d\udccf Modified: 2025-06-24T20:02:18.529Z\n\ud83d\udd17 References:\n1. https://github.com/espressif/esp-idf/security/advisories/GHSA-hqhh-cp47-fv5g\n2. https://github.com/espressif/esp-idf/commit/b1a379d57430d265a53aca13d59ddfbf2e7ac409\n3. https://github.com/espressif/esp-idf/commit/c5fc81917805f99e687c81cc56b68dc5df7ef8b5\n4. https://github.com/espressif/esp-idf/commit/d4dafbdc3572387cd4f9a62b776580bc4ac3bde7\n5. https://github.com/espressif/esp-idf/commit/d6ec5a52255b17c1d6ef379e89f9de2c379042f8\n6. https://github.com/espressif/esp-idf/commit/df7757d8279871fa7a2f42ef3962c6c1ec88b8a2\n7. https://github.com/espressif/esp-idf/commit/edc227c5eaeced999b5212943a9434379f8aad80", "creation_timestamp": "2025-06-24T20:48:01.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/56ee1ec8-d172-4e36-9952-4574995ec83f/export</guid>
      <pubDate>Tue, 24 Jun 2025 20:48:01 +0000</pubDate>
    </item>
  </channel>
</rss>
