2 matches found
CVE-2018-18558
An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...
CVE-2018-18558
Affected software: Espressif ESP-IDF 2.x and 3.x before 3.0.6, and 3.1.x before 3.1.1. Root cause: Insufficient validation of input data in the 2nd stage bootloader (process_segment in components/bootloader_support/src/esp_image_format.c). Vulnerability allows a physically proximate attacker to b...