CVE-2020-13595

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.
References
Configurations

Configuration 1


Information

Published : 2020-08-31 03:15

Updated : 2020-09-08 09:09


NVD link : CVE-2020-13595

Mitre link : CVE-2020-13595

Products Affected
No products.
CWE