The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.
References
Link | Resource |
---|---|
https://asset-group.github.io/cves.html | Third Party Advisory |
https://asset-group.github.io/disclosures/sweyntooth/ | Third Party Advisory |
https://github.com/espressif/esp32-bt-lib | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-31T14:59:57
Updated: 2020-08-31T14:59:57
Reserved: 2020-05-26T00:00:00
Link: CVE-2020-13595
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-31T15:15:10.680
Modified: 2020-09-08T21:09:33.517
Link: CVE-2020-13595
JSON object: View
Redhat Information
No data.
CWE