Lucene search
+L

211 matches found

nvd
nvd
added 2024/03/25 3:15 p.m.41 views

CVE-2024-28183

ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...

6.1CVSS6.1AI score0.00208EPSS
Exploits2References8
cvelist
cvelist
added 2024/03/25 2:31 p.m.48 views

CVE-2024-28183 Anti Rollback bypass with physical access and TOCTOU attack

ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...

6.1CVSS6.3AI score0.00208EPSS
Exploits2References8
vulnrichment
vulnrichment
added 2024/03/25 2:31 p.m.22 views

CVE-2024-28183 Anti Rollback bypass with physical access and TOCTOU attack

ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...

6.1CVSS6.8AI score0.00208EPSS
Exploits2References8
cve
cve
added 2024/03/25 2:31 p.m.84 views

CVE-2024-28183

CVE-2024-28183 describes a TOCTOU vulnerability in the ESP-IDF bootloader of Espressif SoCs. An attacker with physical access to device flash can bypass anti-rollback protection by altering flash contents after anti-rollback checks but before loading the application, enabling boot of partitions w...

6.1CVSS6.1AI score0.00208EPSS
Exploits2References8Affected Software1
osv
osv
added 2024/03/25 2:31 p.m.32 views

CVE-2024-28183 Anti Rollback bypass with physical access and TOCTOU attack

ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...

6.1CVSS5.9AI score0.00208EPSS
Exploits2References10
ptsecurity
ptsecurity
added 2024/03/25 12:0 a.m.19 views

PT-2024-4251

Name of the Vulnerable Software and Affected Versions ESP-IDF versions prior to 4.4.7 ESP-IDF versions prior to 5.2.1 Description A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader, which could allow an attacker with physical access ...

6.1CVSS6.1AI score0.00208EPSS
Exploits2References19
vulnersosv
vulnersosv
added 2023/11/09 6:34 p.m.8 views

esp-flasher (>=1.1.1 <=1.1.2), esphome (>=1.12.0 <=2023.12.9) +15 more potentially affected by CVE-2023-46894 via esptool (>=2.6.0 <=4.6.2)

esptool PYPI version =2.6.0, =1.1.1, =1.12.0, =1.1.0, =0.1.0, =0.1.0, =1.0.106, =1.19.0, =1.20.3, =0.2.0, =0.1.1.dev1, =0.6.0, =0.1.0, =0.24.0, =1.0.3, =1.0.1, =1.0.180 and more Source cves: CVE-2023-46894 Source advisory: OSV:GHSA-3F38-96QM-R3FW...

7.5CVSS6.7AI score0.00476EPSS
Exploits1
openbugbounty
openbugbounty
added 2023/06/25 12:59 a.m.10 views

paris-idf.fff.fr Cross Site Scripting vulnerability OBB-3466733

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
nvd
nvd
added 2022/06/25 7:15 a.m.26 views

CVE-2022-24893

ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK ESP-BLE-MESH, a memory corruption vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. This can result in memory corruption...

8.8CVSS0.00521EPSS
Exploits0References1
cve
cve
added 2022/06/25 6:55 a.m.72 views

CVE-2022-24893

ESP-IDF Bluetooth Mesh (ESP-BLE-MESH) contains a memory corruption vulnerability (CVE-2022-24893) triggered during provisioning due to no check on the SegN field of the Transaction Start PDU. This can lead to memory corruption with potential attacker control of the system. Patch commits exist on ...

8.8CVSS8.2AI score0.00521EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2022/06/25 6:55 a.m.12 views

CVE-2022-24893 Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption

ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK ESP-BLE-MESH, a memory corruption vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. This can result in memory corruption...

7.5CVSS7.2AI score0.00521EPSS
Exploits0References1
osv
osv
added 2022/06/25 6:55 a.m.27 views

CVE-2022-24893 Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption

ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK ESP-BLE-MESH, a memory corruption vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. This can result in memory corruption...

7.5CVSS8.6AI score0.00521EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2021/10/08 12:0 a.m.9 views

The vulnerability of the Bluetooth Classic environment for developing IoT applications allows a attacker to execute arbitrary code.

The vulnerability of the Espressif esp-idf software is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.8CVSS8.3AI score0.0139EPSS
Exploits0References5Affected Software1
openbugbounty
openbugbounty
added 2021/09/10 6:48 p.m.35 views

idf-personalservice.de Cross Site Scripting vulnerability OBB-2137772

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
nvd
nvd
added 2021/09/07 7:15 a.m.34 views

CVE-2021-28139

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield...

8.8CVSS0.0139EPSS
Exploits0References4
osv
osv
added 2021/09/07 7:15 a.m.21 views

CVE-2021-28139

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield...

8.8CVSS7.6AI score
Exploits0References4
prion
prion
added 2021/09/07 7:15 a.m.17 views

Design/Logic Flaw

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield...

8.3CVSS8.7AI score0.0139EPSS
Exploits0References4Affected Software1
cve
cve
added 2021/09/07 6:27 a.m.67 views

CVE-2021-28139

CVE-2021-28139 affects Espressif ESP-IDF 4.4 and earlier. The Bluetooth Classic stack fails to properly restrict the Feature Page on receiving an LMP Feature Response Extended packet, allowing a radio‑range attacker to inject eight bytes of arbitrary data outside the Extended Features Page Table ...

8.8CVSS8.7AI score0.0139EPSS
Exploits0References4Affected Software1
osv
osv
added 2021/09/07 6:15 a.m.16 views

CVE-2021-28136

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption and consequently a crash in ESP32 via a replaye...

6.5CVSS7AI score
Exploits0References4
osv
osv
added 2021/09/07 6:15 a.m.24 views

CVE-2021-28135

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service crash in ESP32 by flooding the target device with LMP Feature Response data...

6.5CVSS6.8AI score
Exploits0References4
Rows per page
Query Builder