Описание
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitPatchThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.2 (включая)Версия от 2.0.0 (включая) до 4.0.0 (включая)
Одно из
cpe:2.3:a:espressif:arduino-esp32:*:*:*:*:*:*:*:*
cpe:2.3:a:espressif:arduino-esp32:1.0.3:-:*:*:*:*:*:*
cpe:2.3:a:espressif:arduino-esp32:1.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:espressif:arduino-esp32:1.0.3:rc2:*:*:*:*:*:*
cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*
Конфигурация 2Версия от 2.2.0 (включая) до 3.0.0 (включая)
cpe:2.3:a:espressif:esp8266_nonos_sdk:*:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02347
Низкий
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
github
больше 3 лет назад
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.
EPSS
Процентиль: 85%
0.02347
Низкий
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
NVD-CWE-noinfo