
CVE-2022-24893

Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption

Severity Score: 8.8 (CVSS v3.1)

Public Exploits: 0 (multiple sources)

Exploited in Wild: - (KEV)

Decision: - (SSVC)
Descriptions

ESP-IDF is the official development framework for Espressif SoCs. In Espressif's Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially an attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of the `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware.
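As an added illustration (not code from ESP-IDF or from this advisory), the following is a defensive parse of a PB-ADV Transaction Start PDU that validates `SegN` against `TotalLength` and the reassembly buffer before any segment data is stored. The segment sizes, the 65-byte buffer, the bitmask state and the `start_case` helper are assumptions for the example, not values from the page.

```c
#include <stdint.h>
#include <string.h>

/* PB-ADV Transaction Start PDU (Mesh Profile 1.0.1, 5.2.1): GPC byte = SegN (6 bits) << 2 | GPCF
 * (2 bits, 0b00 = Start), then TotalLength (2 bytes, big-endian), FCS (1 byte), then segment 0.
 * The sizes below are assumptions modelled on the PB-ADV MTU and a Zephyr-style 65-byte buffer. */
#define GPCF_TRANS_START   0x00
#define START_HDR_LEN      4
#define START_DATA_MAX     20   /* data bytes carried by segment 0 */
#define CONT_DATA_MAX      23   /* data bytes per continuation segment */
#define PROV_RX_BUF_SIZE   65   /* reassembly buffer for one provisioning PDU */
struct prov_rx {
    uint8_t  buf[PROV_RX_BUF_SIZE];
    uint16_t total_len;
    uint8_t  last_seg;   /* SegN from the Start PDU */
    uint32_t seg_mask;   /* bit i set = segment i still outstanding */
};
/* Accept a Start PDU only if SegN and TotalLength agree and fit the state. 0 = accept, -1 = reject. */
int prov_start_accept(struct prov_rx *rx, const uint8_t *pdu, size_t len)
{
    if (len < START_HDR_LEN || (pdu[0] & 0x03) != GPCF_TRANS_START) return -1;
    uint8_t  seg_n     = pdu[0] >> 2;
    uint16_t total_len = ((uint16_t)pdu[1] << 8) | pdu[2];
    size_t   data_len  = len - START_HDR_LEN;
    if (total_len == 0 || total_len > PROV_RX_BUF_SIZE) return -1;
    /* Segment 0 is full unless the whole provisioning PDU fits in it. */
    if (data_len != (total_len < START_DATA_MAX ? total_len : START_DATA_MAX)) return -1;
    /* The check this advisory concerns: SegN must match the count implied by TotalLength. */
    uint8_t expect = 0;
    if (total_len > START_DATA_MAX)
        expect = (uint8_t)((total_len - START_DATA_MAX + CONT_DATA_MAX - 1) / CONT_DATA_MAX);
    if (seg_n != expect || seg_n + 1u > 8u * sizeof(rx->seg_mask)) return -1;
    memset(rx, 0, sizeof(*rx));
    rx->total_len = total_len;
    rx->last_seg  = seg_n;
    rx->seg_mask  = ((1u << (seg_n + 1)) - 1u) & ~1u;   /* segment 0 is already in hand */
    memcpy(rx->buf, pdu + START_HDR_LEN, data_len);
    return 0;
}
/* Test helper: build a Start PDU with constructed filler data and run it through the check. */
int start_case(uint8_t seg_n, uint16_t total_len, size_t data_len)
{
    uint8_t pdu[32];
    struct prov_rx rx;
    if (data_len > sizeof(pdu) - START_HDR_LEN) return -1;
    pdu[0] = (uint8_t)((seg_n << 2) | GPCF_TRANS_START);
    pdu[1] = (uint8_t)(total_len >> 8); pdu[2] = (uint8_t)total_len;
    pdu[3] = 0xAA;                                     /* FCS, not verified by this check */
    memset(pdu + START_HDR_LEN, 0x11, data_len);
    return prov_start_accept(&rx, pdu, START_HDR_LEN + data_len);
}
```

A Start PDU whose `SegN` disagrees with `TotalLength`, or whose `TotalLength` exceeds the buffer, is rejected before any state is written, so later continuation segments cannot index past the reassembly buffer or bitmask.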


*Credits: N/A
CVSS Scores
  • CVSS v3.1 (8.8): Attack Vector: Adjacent; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High
  • CVSS v3.1 (alternate vector): Attack Vector: Adjacent; Attack Complexity: High; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High
  • CVSS v2: Attack Vector: Adjacent; Attack Complexity: Low; Authentication: None; Confidentiality: Complete; Integrity: Complete; Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-02-10 CVE Reserved
  • 2022-06-25 CVE Published
  • 2024-01-16 EPSS Updated
  • 2024-08-03 CVE Updated
CWE
  • CWE-787: Out-of-bounds Write
  • CWE-788: Access of Memory Location After End of Buffer
Affected Vendors, Products, and Versions
  • Espressif Esp-idf 4.1.3: Affected
  • Espressif Esp-idf 4.2.3: Affected
  • Espressif Esp-idf 4.3.2: Affected
  • Espressif Esp-idf 4.4.1: Affected