Vulnerability Details : CVE-2020-13594
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2020-13594
- cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-13594
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 40 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-13594
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:A/AC:L/Au:N/C:N/I:N/A:P |
6.5
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2020-13594
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-13594
-
https://github.com/espressif/esp32-bt-lib
GitHub - espressif/esp32-bt-lib: ESP32 Bluetooth stack (below HCI layer) precompiled librariesThird Party Advisory
-
https://asset-group.github.io/cves.html
ASSET Research Group: CVEsThird Party Advisory
-
https://asset-group.github.io/disclosures/sweyntooth/
ASSET Research Group: SweynToothThird Party Advisory
Jump to