CVE-2026-45160 | espressif esp-idf up to 6.0.1 DHCP Server Option Parser dhcpserver.c parse_options out-of-bounds (GHSA-g764-gwc3-75m5)

A vulnerability, which was classified as problematic, has been found in espressif esp-idf 5.2.7/5.3.5/5.4.4/5.5.4/6.0.1. This vulnerability affects the function parse_options of the file components/lwip/apps/dhcpserver/dhcpserver.c of the component DHCP Server Option Parser. This manipulation causes out-of-bounds read.

This vulnerability is handled as CVE-2026-45160. The attack can only be done within the local network. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More