ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware.

Published 2022-06-25 07:15:07

Updated 2022-07-08 14:17:31

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2022-24893

Espressif » Esp-idf » Version: 4.1.3
cpe:2.3:a:espressif:esp-idf:4.1.3:*:*:*:*:*:*:*
Matching versions
Espressif » Esp-idf » Version: 4.2.3
cpe:2.3:a:espressif:esp-idf:4.2.3:*:*:*:*:*:*:*
Matching versions
Espressif » Esp-idf » Version: 4.3.2
cpe:2.3:a:espressif:esp-idf:4.3.2:*:*:*:*:*:*:*
Matching versions
Espressif » Esp-idf » Version: 4.4.1
cpe:2.3:a:espressif:esp-idf:4.4.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-24893

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-24893

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.3	HIGH	AV:A/AC:L/Au:N/C:C/I:C/A:C	6.5	10.0	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.5	HIGH	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	1.6	5.9	GitHub, Inc.
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-24893

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.
Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
CWE-788 Access of Memory Location After End of Buffer

The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.

Assigned by: security-advisories@github.com (Secondary)

References for CVE-2022-24893

https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm

Espressif Bluetooth Mesh Stack Vulnerability · Advisory · espressif/esp-idf · GitHub
Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-24893

Products affected by CVE-2022-24893

Exploit prediction scoring system (EPSS) score for CVE-2022-24893

CVSS scores for CVE-2022-24893

CWE ids for CVE-2022-24893

References for CVE-2022-24893