Espressif ESP-IDF 2.x, 3.0.x up to and including 3.0.9, 3.1.x up to and including 3.1.7, 3.2.x up to and including 3.2.3, 3.3.x up to and including 3.3.2, and 4.0.x up to and including 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields, there is a buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
espressif esp-idf |