Known Vulnerabilities for Esp-idf by Espressif
Listed below are 10 of the newest known vulnerabilities associated with "Esp-idf" by "Espressif".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24893 | ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a mem... | 8.8 - HIGH | 2022-06-25 | 2022-07-08 |
| CVE-2021-28139 | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon re... | 8.8 - HIGH | 2021-09-07 | 2021-09-09 |
| CVE-2021-28136 | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple ... | 6.5 - MEDIUM | 2021-09-07 | 2021-09-09 |
| CVE-2021-28135 | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuou... | 6.5 - MEDIUM | 2021-09-07 | 2022-07-12 |
| CVE-2020-16146 | Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through ... | 7.5 - HIGH | 2021-01-12 | 2021-01-20 |
| CVE-2020-13595 | The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the... | 6.5 - MEDIUM | 2020-08-31 | 2020-09-08 |
| CVE-2020-13594 | The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not pr... | 6.5 - MEDIUM | 2020-08-31 | 2020-09-08 |
| CVE-2020-12638 | An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, ... | 6.8 - MEDIUM | 2020-07-23 | 2021-07-21 |
| CVE-2019-12587 | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the ins... | 8.1 - HIGH | 2019-09-04 | 2020-08-24 |
| CVE-2019-12586 | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP ... | 6.5 - MEDIUM | 2019-09-04 | 2020-08-24 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Espressif | Esp-idf | 4.2 | All | All | All |
| Application | Espressif | Esp-idf | 4.1 | dev | All | All |
| Application | Espressif | Esp-idf | 4.0.2 | All | All | All |
| Application | Espressif | Esp-idf | 4.0.1 | All | All | All |
| Application | Espressif | Esp-idf | 4.0.0 | All | All | All |
| Application | Espressif | Esp-idf | 4.0 | dev | All | All |
| Application | Espressif | Esp-idf | 3.3.4 | All | All | All |
| Application | Espressif | Esp-idf | 3.3.3 | All | All | All |
| Application | Espressif | Esp-idf | 3.3.2 | All | All | All |
| Application | Espressif | Esp-idf | 3.3.1 | All | All | All |
| Application | Espressif | Esp-idf | 3.3 | - | All | All |
| Application | Espressif | Esp-idf | 3.3 | beta1 | All | All |
| Application | Espressif | Esp-idf | 3.3 | beta2 | All | All |
| Application | Espressif | Esp-idf | 3.3 | rc | All | All |
| Application | Espressif | Esp-idf | 3.3 | beta3 | All | All |
| Application | Espressif | Esp-idf | 3.2.3 | All | All | All |
| Application | Espressif | Esp-idf | 3.2.2 | All | All | All |
| Application | Espressif | Esp-idf | 3.2.1 | All | All | All |
| Application | Espressif | Esp-idf | 3.2 | beta1 | All | All |
| Application | Espressif | Esp-idf | 3.2 | - | All | All |