CVE-2021-28139

Published: Sep 7, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.

Affected (1)

Products: Espressif: Esp Idf

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp Idf	Up to 4.4

Running on/with	Platform Versions
Espressif Esp32	All versions

References (8)

https://dl.packetstormsecurity.net/papers/general/braktooth.pdf

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

https://github.com/espressif/esp-idf

Source: cve@mitre.org

ProductThird Party Advisory

https://github.com/espressif/esp32-bt-lib

Source: cve@mitre.org

ProductThird Party Advisory

https://www.espressif.com/en/products/socs/esp32

Source: cve@mitre.org

ProductVendor Advisory

https://dl.packetstormsecurity.net/papers/general/braktooth.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

https://github.com/espressif/esp-idf

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://github.com/espressif/esp32-bt-lib

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://www.espressif.com/en/products/socs/esp32

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.