Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Vendor of Product

Espressif Systems

Affected Verisons

2.x

3.0.x -3.0.9

3.1.x - 3.1.7

3.2.x - 3.2.3

3.3.x - 3.3.2

4.0.x - 4.0.1

CVE ID

CVE-2020-16146

Description

Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields, there is a buffer overflow.

Vulnerability Type

CWE-120 Classic Buffer Overflow

Affected Component

BluFi provisioning, btc_blufi_recv_handler function in blufi_prf.c.

Attack Type

Remote

Impact

Denial of Service

Reporter

Lewei Qu

References

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=cve-2020-16146

https://github.com/espressif/esp-idf

https://www.espressif.com/en/products/socs

espressif/esp-idf#5048