← Back

CVE-2019-12586

nvd nist
Published: Sep 4, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.

Affected (6)

Espressif
3 products
Arduino Esp32
Esp Idf
Esp8266 Nonos Sdk
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Espressif
Arduino Esp32
Up to 1.0.2
Arduino Esp32
Version 1.0.3
Arduino Esp32
Version 1.0.3 rc1
Arduino Esp32
Version 1.0.3 rc2
Esp Idf
From 2.0.0 to 4.0.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Esp8266 Nonos Sdk
From 2.2.0 to 3.0.0

References (6)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory

Timeline

No history available yet.