ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisioning
Description
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport (protocomm_ble). The issue can be triggered by a remote BLE client while the device is in provisioning mode. The transport accumulated prepared-write fragments in a fixed-size buffer but incorrectly tracked the cumulative length. By sending repeated prepare write requests with overlapping offsets, a remote client could cause the reported length to exceed the allocated buffer size. This inflated length was then passed to provisioning handlers during execute-write processing, resulting in an out-of-bounds read and potential memory corruption. This issue has been patched in versions 5.5.3, 5.4.4, 5.3.5, 5.2.7, and 5.1.7.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- github.com/espressif/esp-idf/commit/0540c85140c2c06c0cbecc8843277ea676d5c4a9mitrex_refsource_MISC
- github.com/espressif/esp-idf/commit/1ff264abf2504cade46f0ce3a03f821310bcf6d7mitrex_refsource_MISC
- github.com/espressif/esp-idf/commit/47552ff4fd824caf38215468ebd2f31fb5f36d70mitrex_refsource_MISC
- github.com/espressif/esp-idf/commit/4c3fdcd316f780bab4ae5aa73c9626ea9fe24ac6mitrex_refsource_MISC
- github.com/espressif/esp-idf/commit/894c28afe3f2f8f31ff25b64191883517dddb5cfmitrex_refsource_MISC
- github.com/espressif/esp-idf/commit/cde7b7362adc15638c141c249681cbe5d23de663mitrex_refsource_MISC
- github.com/espressif/esp-idf/commit/dba9a7dc01e4dab14c77d328f6a6f46369aeee63mitrex_refsource_MISC
- github.com/espressif/esp-idf/security/advisories/GHSA-9j5x-rf36-54x9mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.