2026.6.4
7 years ago
4 days ago
Known vulnerabilities in the esphome package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
esphome is a Make creating custom firmwares for ESP32/ESP8266 super easy. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the protobuf decoder in the API component. An attacker can cause the device to read invalid memory and crash by sending a maliciously crafted large Note: This is only exploitable if API encryption is disabled or, if enabled, the attacker possesses the encryption key. How to fix Integer Overflow or Wraparound? Upgrade | [2025.9.0,2025.12.7) |