CVE-2020-16146

Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields, there is a buffer overflow.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
espressifesp-idf
2.0.0 ≤
𝑥
≤ 2.1.1
espressifesp-idf
3.0 ≤
𝑥
≤ 3.0.9
espressifesp-idf
3.1 ≤
𝑥
≤ 3.1.7
espressifesp-idf
3.2 ≤
𝑥
≤ 3.2.3
espressifesp-idf
3.3 ≤
𝑥
≤ 3.3.2
espressifesp-idf
4.0.0 ≤
𝑥
≤ 4.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/espressif/esp-idf
https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/CVE-2020-16146.md
https://github.com/espressif/esp-idf
https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/CVE-2020-16146.md