211 matches found
CVE-2024-28183
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...
CVE-2024-28183 Anti Rollback bypass with physical access and TOCTOU attack
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...
CVE-2024-28183 Anti Rollback bypass with physical access and TOCTOU attack
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...
CVE-2024-28183
CVE-2024-28183 describes a TOCTOU vulnerability in the ESP-IDF bootloader of Espressif SoCs. An attacker with physical access to device flash can bypass anti-rollback protection by altering flash contents after anti-rollback checks but before loading the application, enabling boot of partitions w...
CVE-2024-28183 Anti Rollback bypass with physical access and TOCTOU attack
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...
PT-2024-4251
Name of the Vulnerable Software and Affected Versions ESP-IDF versions prior to 4.4.7 ESP-IDF versions prior to 5.2.1 Description A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader, which could allow an attacker with physical access ...
esp-flasher (>=1.1.1 <=1.1.2), esphome (>=1.12.0 <=2023.12.9) +15 more potentially affected by CVE-2023-46894 via esptool (>=2.6.0 <=4.6.2)
esptool PYPI version =2.6.0, =1.1.1, =1.12.0, =1.1.0, =0.1.0, =0.1.0, =1.0.106, =1.19.0, =1.20.3, =0.2.0, =0.1.1.dev1, =0.6.0, =0.1.0, =0.24.0, =1.0.3, =1.0.1, =1.0.180 and more Source cves: CVE-2023-46894 Source advisory: OSV:GHSA-3F38-96QM-R3FW...
paris-idf.fff.fr Cross Site Scripting vulnerability OBB-3466733
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-24893
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK ESP-BLE-MESH, a memory corruption vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. This can result in memory corruption...
CVE-2022-24893
ESP-IDF Bluetooth Mesh (ESP-BLE-MESH) contains a memory corruption vulnerability (CVE-2022-24893) triggered during provisioning due to no check on the SegN field of the Transaction Start PDU. This can lead to memory corruption with potential attacker control of the system. Patch commits exist on ...
CVE-2022-24893 Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK ESP-BLE-MESH, a memory corruption vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. This can result in memory corruption...
CVE-2022-24893 Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK ESP-BLE-MESH, a memory corruption vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. This can result in memory corruption...
The vulnerability of the Bluetooth Classic environment for developing IoT applications allows a attacker to execute arbitrary code.
The vulnerability of the Espressif esp-idf software is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
idf-personalservice.de Cross Site Scripting vulnerability OBB-2137772
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2021-28139
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield...
CVE-2021-28139
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield...
Design/Logic Flaw
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield...
CVE-2021-28139
CVE-2021-28139 affects Espressif ESP-IDF 4.4 and earlier. The Bluetooth Classic stack fails to properly restrict the Feature Page on receiving an LMP Feature Response Extended packet, allowing a radio‑range attacker to inject eight bytes of arbitrary data outside the Extended Features Page Table ...
CVE-2021-28136
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption and consequently a crash in ESP32 via a replaye...
CVE-2021-28135
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service crash in ESP32 by flooding the target device with LMP Feature Response data...