CVE-2021-28139

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-28139

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28139.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-28139

Published

2021-09-07T07:15:06Z

Modified

2025-01-08T08:02:35.686454Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.

References

Affected packages

Git / github.com/espressif/esp-idf

Affected ranges

Type: GIT
Repo: https://github.com/espressif/esp-idf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c8315e01107c10898947a817d5cf763cdd3f5a4f

Affected versions

v0.*

v0.9

v1.*

v1.0

v2.*

v2.0-rc1

v2.1-rc1

v3.*

v3.0-dev

v3.1-beta1

v3.1-dev

v3.2-beta1

v3.2-dev

v3.3-beta1

v3.3-beta2

v3.3-dev

v4.*

v4.0-dev

v4.1-dev

v4.2-dev

v4.3-beta1

v4.3-dev

v4.4-dev