esp-idf/docs/en/security/vulnerabilities.rst

177 lines
5.0 KiB
ReStructuredText
Raw Normal View History

Vulnerabilities
===============
This page briefly lists all of the vulnerabilities that are discovered and fixed in each release. Please note that for the on-going issues or the issues under embargo period, the information on this page may reflect once the desired resolution has been achieved.
.. note::
Please refer to ``latest`` version of this documentation guide for up-to-date information.
CVE-2024
--------
CVE-2024-28183
~~~~~~~~~~~~~~
Bootloader TOCTOU Vulnerability in Anti-rollback Scheme
* Espressif Advisory: NA (Published on GitHub)
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details
* Advisory pointer: `GHSA-22x6-3756-pfp8`_
CVE-2023
--------
CVE-2023-35818
~~~~~~~~~~~~~~
Security Advisory Concerning Bypassing Secure Boot and Flash Encryption Using EMFI
* Espressif Advisory: `AR2023-005`_
* Impact: Applicable for ESP32 Chip Revision v3.0/v3.1
* Resolution: Please see advisory for details
CVE-2023-24023
~~~~~~~~~~~~~~
Security Advisory Concerning the Bluetooth BLUFFS Vulnerability
* Espressif Advisory: `AR2023-010`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details
CVE-2023-52160
~~~~~~~~~~~~~~
Security Advisory for PEAP Phase-2 Authentication
* Espressif Advisory: `AR2024-003`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details
CVE-2022
--------
CVE-2022-24893
~~~~~~~~~~~~~~
Espressif Bluetooth Mesh Stack Vulnerability
* Espressif Advisory: NA (Published on GitHub)
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details
* Advisory pointer: `GHSA-7f7f-jj2q-28wm`_
CVE-2021
--------
CVE-2021-32020
~~~~~~~~~~~~~~
Insufficient bounds checking during management of heap memory in FreeRTOS
* Impact: ESP-IDF uses its own heap allocator and hence not applicable
* Resolution: NA
CVE-2021-43997
~~~~~~~~~~~~~~
Privilege escalation issue in FreeRTOS ARMv7-M and ARMv8-M MPU ports
* Impact: Not applicable for Espressif chips
* Resolution: NA
CVE-2021-3420
~~~~~~~~~~~~~
Security Advisory on "BadAlloc" Vulnerabilities
* Espressif Advisory: `AR2021-005`_
* Impact: Not applicable for ESP-IDF
* Resolution: NA
CVE-2021-31571
~~~~~~~~~~~~~~
Security Advisory on "BadAlloc" Vulnerabilities
* Espressif Advisory: `AR2021-005`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details
CVE-2021-31572
~~~~~~~~~~~~~~
Security Advisory on "BadAlloc" Vulnerabilities
* Espressif Advisory: `AR2021-005`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details
CVE-2021-28139
~~~~~~~~~~~~~~
Security Advisory for Bluetooth Vulnerability
* Covers additional CVEs: CVE-2020-10135, CVE-2020-13595, CVE-2020-26555, CVE-2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560, CVE-2021-28135, CVE-2021-28136
* Espressif Advisory: `AR2021-004`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details
CVE-2020
--------
CVE-2020-22283
~~~~~~~~~~~~~~
Buffer overflow vulnerability in lwIP stack
* Espressif Advisory: NA
* Impact: Applicable for ESP-IDF
* Resolution: Fix cherry-picked and available in ESP-IDF >= v4.4.1
CVE-2020-22284
~~~~~~~~~~~~~~
Buffer overflow vulnerability in lwIP stack
* Espressif Advisory: NA
* Impact: Applicable for ESP-IDF
* Resolution: Fix cherry-picked and available in ESP-IDF >= v4.4.1
CVE-2020-26142
~~~~~~~~~~~~~~
Security Advisory for WLAN FragAttacks
* Espressif Advisory: `AR2023-008`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details
CVE-2020-12638
~~~~~~~~~~~~~~
Security Advisory Concerning Wi-Fi Authentication Bypass
* Espressif Advisory: `AR2020-002`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details
.. _`AR2020-002`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2020-002%20Security%20Advisory%20Concerning%20Wi-Fi%20Authentication%20Bypass%20V1.1%20EN.pdf
.. _`AR2021-004`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2021-004%20Bluetooth%20Security%20Advisory.pdf
.. _`AR2021-005`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2021-005%20Security%20Advisory%20on%20BadAlloc%20Vulnerabilities.pdf
.. _`AR2023-005`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-005%20Security%20Advisory%20Concerning%20Bypassing%20Secure%20Boot%20and%20Flash%20Encryption%20Using%20EMFI%20EN.pdf
.. _`AR2023-008`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-008%20Security%20Advisory%20for%20WLAN%20FragAttacks%20v1.1%20EN_0.pdf
.. _`AR2023-010`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-010%20Security%20Advisory%20Concerning%20the%20Bluetooth%20BLUFFS%20Vulnerability%20EN.pdf
.. _`AR2024-003`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2024-003%20Security%20Advisory%20for%20PEAP%20Phase-2%20authentication%20EN.pdf
.. _`GHSA-22x6-3756-pfp8` : https://github.com/espressif/esp-idf/security/advisories/GHSA-22x6-3756-pfp8
.. _`GHSA-7f7f-jj2q-28wm` : https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm