Vulnerability Details : CVE-2020-16146
Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a buffer overflow in BluFi provisioning, in the btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01; manipulated packet fields in that command cause the buffer overflow.
Vulnerability category: Overflow
Products affected by CVE-2020-16146
- cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-16146
- EPSS score: 0.23% (probability of exploitation activity in the next 30 days)
- Percentile: ~61% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-16146
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2020-16146
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-16146
- https://github.com/espressif/esp-idf
  GitHub - espressif/esp-idf: Espressif IoT Development Framework. Official development framework for ESP32. (Third Party Advisory)
- https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/CVE-2020-16146.md
  MY_CVE_CREDIT/CVE-2020-16146.md at master · pokerfacett/MY_CVE_CREDIT · GitHub (Third Party Advisory)