| Field | Value |
| --- | --- |
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2024-24746, CVE-2020-26142, CVE-2023-52160 |
| CWE-ID | CWE-835, CWE-20, CWE-287 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software | ESP-IDF (Server applications / Other server solutions) |
| Vendor | Espressif Systems |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU88227
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-24746
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop in the GATT server. A remote attacker can consume all available system resources and cause denial of service conditions.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: ESP-IDF 5.0 - 5.2.2
CPE2.3: https://github.com/espressif/esp-idf/releases/tag/v5.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53175
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-26142
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the WEP, WPA, WPA2 and WPA3 implementations treat fragmented frames as full frames. A remote attacker on the local network can inject arbitrary network packets, independent of the network configuration.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: ESP-IDF 5.0 - 5.2.2
CPE2.3: https://github.com/espressif/esp-idf/releases/tag/v5.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86768
Risk: Medium
CVSSv4.0: 2.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-52160
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: Yes
Description: The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error in the PEAP implementation. A remote attacker can bypass the authentication process by sending an EAP-TLV Success packet instead of starting Phase 2.
Successful exploitation of the vulnerability requires that wpa_supplicant is configured not to verify the network's TLS certificate during Phase 1 authentication.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: ESP-IDF 5.0 - 5.2.2
CPE2.3: https://github.com/espressif/esp-idf/releases/tag/v5.3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
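The precondition stated above for CVE-2023-52160 is a client that skips server certificate verification during PEAP Phase 1. The following audit script is an added example written for this bulletin; it is not ESP-IDF, wpa_supplicant or Espressif code. It assumes the textual wpa_supplicant.conf format (`network={ ... }` blocks with `key_mgmt`, `eap`, `ca_cert`, `domain_suffix_match` keys, which are real wpa_supplicant options) and a constructed sample configuration; on an ESP-IDF device the equivalent setting is made through the EAP client API rather than a config file, so the script is meant for auditing the supplicant configuration that feeds such devices. It goes slightly beyond the bulletin by also flagging a `ca_cert` with no `domain_suffix_match`, a separate hardening point.

```python
"""Flag PEAP networks in a wpa_supplicant-style configuration that do not
verify the RADIUS server certificate in Phase 1 (the CVE-2023-52160 precondition).

Added example for this bulletin; the parser, audit helper and sample config
are hypothetical, not taken from ESP-IDF or wpa_supplicant.
"""
import re

# Constructed sample: one hardened network, one PEAP network with no CA
# certificate, one PSK network that is out of scope for the check.
SAMPLE_CONF = """
network={
    ssid="corp-secure"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="placeholder-password"
    ca_cert="/etc/certs/corp-ca.pem"
    domain_suffix_match="radius.example.com"
    phase2="auth=MSCHAPV2"
}

network={
    ssid="corp-legacy"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="placeholder-password"
    phase2="auth=MSCHAPV2"
}

network={
    ssid="home"
    key_mgmt=WPA-PSK
    psk="correct horse battery staple"
}
"""

# Each network block is "network={ ... }"; values never contain braces.
BLOCK_RE = re.compile(r"network=\{(.*?)\}", re.S)


def parse_networks(conf):
    """Return one dict of key -> value per network block, quotes stripped."""
    nets = []
    for body in BLOCK_RE.findall(conf):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)  # phase2="auth=..." keeps its inner '='
            fields[key.strip()] = value.strip().strip('"')
        nets.append(fields)
    return nets


def audit_peap(conf):
    """Return (ssid, reason) findings for PEAP networks lacking server verification."""
    findings = []
    for net in parse_networks(conf):
        if "WPA-EAP" not in net.get("key_mgmt", ""):
            continue  # PSK / open networks do not run PEAP
        if net.get("eap", "").upper() != "PEAP":
            continue
        ssid = net.get("ssid", "<no ssid>")
        if not net.get("ca_cert"):
            # No trust anchor: the Phase 1 TLS certificate is never verified.
            findings.append((ssid, "no ca_cert: server certificate not verified in Phase 1"))
        elif not net.get("domain_suffix_match"):
            # Hardening beyond the bulletin: any cert issued by the CA is accepted.
            findings.append((ssid, "ca_cert set but no domain_suffix_match"))
    return findings


if __name__ == "__main__":
    for ssid, reason in audit_peap(SAMPLE_CONF):
        print(f"{ssid}: {reason}")
```

Running the script on the constructed sample reports only `corp-legacy`; a real audit would feed it the supplicant configuration actually deployed to the fleet and treat every finding as a device that must be patched to ESP-IDF 5.3 and reconfigured with a CA certificate.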