PYSEC-2023-234

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/esptool/PYSEC-2023-234.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2023-234

Aliases

Published

2023-11-09T16:15:00Z

Modified

2025-09-19T04:22:09.683681Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.

References

https://github.com/espressif/esptool/issues/926

Affected packages

PyPI / esptool

Package

Name: esptool; View open source insights on deps.dev
Purl: pkg:pypi/esptool

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.0

1.0.1

1.1

1.2

1.2.1

1.3

2.*

2.0

2.0.1

2.1

2.2

2.2.1

2.3

2.3.1

2.4.0

2.4.1

2.5.0

2.5.1

2.6

2.7

2.8

3.*

3.0

3.1

3.2

3.3

3.3.1

3.3.2

3.3.3

4.*

4.0

4.0.1

4.1

4.2

4.2.1

4.3

4.4

4.5.dev0

4.5.dev1

4.5.dev2

4.5.dev3

4.5

4.5.1

4.6.dev1

4.6

4.6.1

4.6.2

4.7.dev1

4.7.dev2

4.7.dev3

4.7.0

4.8.dev1

4.8.dev2

4.8.dev3

4.8.dev4

4.8.dev5

4.8.0

4.8.1

4.9.dev1

4.9.dev2

4.9.dev3

4.9.dev4

4.9.dev5

4.9.dev6

4.9.dev7

4.9.dev8

4.9.0

4.10.dev1

4.10.dev2

4.10.0

5.*

5.0.dev0

5.0.dev1

5.0.0

5.0.1

5.0.2

5.1.dev1

5.1.0