CPE-9931AD8E-84BD-4AC9-9759-CB5F34B2E828 Detail

CPE Details

Espressif ESP-IDF 4.3.2

Vendor

espressif

Product

esp-idf

Version

4.3.2

Created

2022-07-06
11h02 +00:00

Modified

2022-07-06
11h49 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:espressif:esp-idf:4.3.2:::::::*

Informations

Vendor

espressif

Product

esp-idf

Version

4.3.2

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2022-24893	2022-06-25 04h55 +00:00	ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware.	8.8	High
CVE-2021-28139	2021-09-07 04h27 +00:00	The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.	8.8	High
CVE-2021-28135	2021-09-07 03h56 +00:00	The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data.	6.5	Medium
CVE-2021-28136	2021-09-07 03h52 +00:00	The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.	6.5	Medium

Espressif ESP-IDF 4.3.2

CPE Details

CPE Name: cpe:2.3:a:espressif:esp-idf:4.3.2:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:espressif:esp-idf:4.3.2:::::::*