Buffer Overflow Vulnerability in ESP-IDF Bluetooth Stack
CVE-2024-33454

6.5MEDIUM

Key Information:

Vendor: Espressif Systems
Vendor: CVE Published:; 14 May 2024

🔔 Create Espressif Systems Vulnerability Alert

What is CVE-2024-33454?

A buffer overflow vulnerability has been identified in ESP-IDF version 5.1, affecting the Bluetooth stack component. This flaw enables a remote attacker to execute arbitrary code through specially crafted scripts sent to the affected system. Such exploitation can lead to unauthorized access and potential manipulation of device functionality. Users are advised to implement appropriate security measures and apply updates to mitigate risks associated with this vulnerability.

References

https://gist.github.com/Zakary-D/30f565c4266c02c62aa9089c...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024