Denial of Service Vulnerability in Espressif ESP32 Bluetooth Controller
CVE-2020-13594
6.5 MEDIUM
What is CVE-2020-13594?
A flaw in the Bluetooth Low Energy (BLE) controller implementation of Espressif's ESP-IDF version 4.2 and earlier permits malicious actors within radio range to exploit the channel map field of the connection request packet. By sending a crafted packet, an attacker can trigger a denial of service condition, resulting in a crash of the affected devices. This vulnerability highlights the importance of secure packet validation in BLE communications to prevent service disruptions.
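A receive-side check for the channel map field described above, as an added example (not Espressif's controller code, which this page does not show). Field offsets follow the CONNECT_IND LLData layout in the Bluetooth Core Specification; the function names `chm_validate` and `chm_remap` are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* CONNECT_IND LLData: AA(4) CRCInit(3) WinSize(1) WinOffset(2) Interval(2)
   Latency(2) Timeout(2) ChM(5) Hop/SCA(1) = 22 octets (Bluetooth Core Spec). */
#define LLDATA_LEN    22
#define CHM_OFFSET    16
#define CHM_LEN       5
#define DATA_CHANNELS 37  /* data channel indices 0..36 */
#define MIN_USED      2   /* Core Spec: at least two channels must be marked used */

/* Constructed sample LLData (not a capture): all 37 data channels used. */
const uint8_t sample_lldata[LLDATA_LEN] = {
    0x78, 0x56, 0x34, 0x12, 0xAA, 0xBB, 0xCC, 0x02, 0x00, 0x00, 0x18, 0x00,
    0x00, 0x00, 0x48, 0x00,
    0xFF, 0xFF, 0xFF, 0xFF, 0x1F,   /* ChM, bit 0 of octet 0 = channel 0 */
    0x27                            /* Hop/SCA */
};

/* Hypothetical validator: fills used[] with the used channel indices in
   ascending order and returns their count (2..37), or -1 to reject. */
int chm_validate(const uint8_t *lldata, size_t len, uint8_t used[DATA_CHANNELS])
{
    if (lldata == NULL || used == NULL || len != LLDATA_LEN)
        return -1;
    const uint8_t *chm = lldata + CHM_OFFSET;
    int n = 0;
    for (int ch = 0; ch < DATA_CHANNELS; ch++) {  /* bits 37..39 are RFU: ignored */
        if (chm[ch / 8] & (1u << (ch % 8)))
            used[n++] = (uint8_t)ch;
    }
    return n >= MIN_USED ? n : -1;
}

/* Remap step of Channel Selection Algorithm #1. It indexes the used-channel
   table modulo its size, so it must never run on an unvalidated map. */
int chm_remap(uint8_t unmapped, const uint8_t *used, int n_used)
{
    if (used == NULL || n_used < MIN_USED || n_used > DATA_CHANNELS ||
        unmapped >= DATA_CHANNELS)
        return -1;
    for (int i = 0; i < n_used; i++)
        if (used[i] == unmapped)
            return unmapped;
    return used[unmapped % n_used];
}
```

Rejecting the packet before any connection state is created keeps a malformed map from ever reaching the channel selection code.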