Espressif

Esp-idf

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-16146

  • EPSS 0.35%
  • Veröffentlicht 12.01.2021 03:15:12
  • Zuletzt bearbeitet 21.11.2024 05:06:51

Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a c...

6.5

CVE-2020-13595

  • EPSS 0.24%
  • Veröffentlicht 31.08.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:01:34

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an M...

6.5

CVE-2020-13594

  • EPSS 0.15%
  • Veröffentlicht 31.08.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:01:34

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cau...

6.8

CVE-2020-12638

Exploit
  • EPSS 0.03%
  • Veröffentlicht 23.07.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 04:59:57

An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode...

7.2

CVE-2019-15894

  • EPSS 0.03%
  • Veröffentlicht 07.10.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:40

An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verif...

6.5

CVE-2019-12586

Exploit
  • EPSS 2.35%
  • Veröffentlicht 04.09.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 04:23:08

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of serv...

8.1

CVE-2019-12587

Exploit
  • EPSS 0.08%
  • Veröffentlicht 04.09.2019 12:15:11
  • Zuletzt bearbeitet 21.11.2024 04:23:08

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers i...

6.9

CVE-2018-18558

  • EPSS 0.04%
  • Veröffentlicht 13.05.2019 13:29:02
  • Zuletzt bearbeitet 21.11.2024 03:56:09

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary ...