GHSA-3f38-96qm-r3fw

Source

https://github.com/advisories/GHSA-3f38-96qm-r3fw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-3f38-96qm-r3fw/GHSA-3f38-96qm-r3fw.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-3f38-96qm-r3fw

Aliases

Published

2023-11-09T18:34:55Z

Modified

2023-11-15T18:46:26.035649Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

esptool allows attackers to view sensitive information via weak cryptographic algorithm

Details

An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.

Database specific

{
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-326"
    ],
    "github_reviewed_at": "2023-11-09T22:10:33Z",
    "nvd_published_at": "2023-11-09T16:15:34Z"
}

References

Affected packages

PyPI / esptool

Package

Name: esptool; View open source insights on deps.dev
Purl: pkg:pypi/esptool

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.6.2

Affected versions

1.*

1.0.0

1.0.1

1.1

1.2

1.2.1

1.3

2.*

2.0

2.0.1

2.1

2.2

2.2.1

2.3

2.3.1

2.4.0

2.4.1

2.5.0

2.5.1

2.6

2.7

2.8

3.*

3.0

3.1

3.2

3.3

3.3.1

3.3.2

3.3.3

4.*

4.0

4.0.1

4.1

4.2

4.2.1

4.3

4.4

4.5.dev0

4.5.dev1

4.5.dev2

4.5.dev3

4.5

4.5.1

4.6.dev1

4.6

4.6.1

4.6.2