CVE-2019-12588

Published: Sep 4, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.

Affected (2)

Products: Espressif: Arduino Esp8266, Esp8266 Nonos Sdk

2 products

Arduino Esp8266

Esp8266 Nonos Sdk

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Espressif Arduino Esp8266	Up to 2.5.2
Espressif Esp8266 Nonos Sdk	From 2.2.0 to 3.1.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://github.com/Matheus-Garbelini/esp32_esp8266_attacks

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/espressif

Source: cve@mitre.org

Product

https://matheus-garbelini.github.io/home/post/esp8266-beacon-frame-crash/

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/Matheus-Garbelini/esp32_esp8266_attacks

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/espressif

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://matheus-garbelini.github.io/home/post/esp8266-beacon-frame-crash/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.