Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields, there is a buffer overflow.
References
Link | Resource |
---|---|
https://github.com/espressif/esp-idf | Third Party Advisory |
https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/CVE-2020-16146.md | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Jan 2021, 14:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-120 | |
References | (MISC) https://github.com/espressif/esp-idf - Third Party Advisory | |
References | (MISC) https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/CVE-2020-16146.md - Third Party Advisory | |
CPE | cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:* |
12 Jan 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-12 03:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-16146
Mitre link : CVE-2020-16146
CVE.ORG link : CVE-2020-16146
JSON object : View
Products Affected
espressif
- esp-idf
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')