← voltar
CVE-2020-13595

CVE-2020-13595

EPSS 0.9%
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://asset-group.github.io/cves.htmlhttps://asset-group.github.io/disclosures/sweyntooth/https://github.com/espressif/esp32-bt-lib