Security Advisory

CVE-2021-28136

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-07 05:52:46

Last updated 2024-08-03 21:33:17

Assigner mitre

State PUBLISHED

Description

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.

← Browse all CVEs View on cve.org ↗