Design/Logic Flaw

2020-08-3115:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.6%

JSON

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target’s BLE stack) by sending a crafted sequence of BLE packets.

CPENameOperatorVersion
esp-idfge4.0.0
esp-idfle4.2

CPE	Name	Operator	Version
	esp-idf	ge	4.0.0
	esp-idf	le	4.2

References

asset-group.github.io/cves.html

asset-group.github.io/disclosures/sweyntooth/

github.com/espressif/esp32-bt-lib