Vulnerabilities > CVE-2021-28139 - Unspecified vulnerability in Espressif Esp-Idf
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH low complexity
espressif
Summary
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.
Vulnerable Configurations
References
- https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
- https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
- https://github.com/espressif/esp32-bt-lib
- https://github.com/espressif/esp32-bt-lib
- https://github.com/espressif/esp-idf
- https://github.com/espressif/esp-idf
- https://www.espressif.com/en/products/socs/esp32
- https://www.espressif.com/en/products/socs/esp32