← Back

CVE-2020-16146

nvd nist
Published: Jan 12, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields, there is a buffer overflow.

Affected (6)

Products: Espressif: Esp Idf
Espressif
1 product
Esp Idf
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Espressif
Esp Idf
From 2.0.0 to 2.1.1
Esp Idf
From 3.0 to 3.0.9
Esp Idf
From 3.1 to 3.1.7
Esp Idf
From 3.2 to 3.2.3
Esp Idf
From 3.3 to 3.3.2
Esp Idf
From 4.0.0 to 4.0.1

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.