Denial of Service Vulnerability in Espressif ESP32 Bluetooth Controller
CVE-2020-13594
6.5MEDIUM
Summary
A flaw in the Bluetooth Low Energy (BLE) controller implementation of Espressif's ESP-IDF version 4.2 and earlier permits malicious actors within radio range to exploit the channel map field of the connection request packet. By sending a crafted packet, an attacker can trigger a denial of service condition, resulting in a crash of the affected devices. This vulnerability highlights the importance of secure packet validation in BLE communications to prevent service disruptions.
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved