CVE-2021-28136

Published: Sep 7, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.

Affected (1)

Products: Espressif: Esp Idf

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp Idf	Up to 4.4

Running on/with	Platform Versions
Espressif Esp32	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

https://dl.packetstormsecurity.net/papers/general/braktooth.pdf

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

https://github.com/espressif/esp-idf

Source: cve@mitre.org

ProductThird Party Advisory

https://github.com/espressif/esp32-bt-lib

Source: cve@mitre.org

ProductThird Party Advisory

https://www.espressif.com/en/products/socs/esp32

Source: cve@mitre.org

ProductVendor Advisory

https://dl.packetstormsecurity.net/papers/general/braktooth.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

https://github.com/espressif/esp-idf

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://github.com/espressif/esp32-bt-lib

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://www.espressif.com/en/products/socs/esp32

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.