CVE-2021-28135

Published
View on NVD ↗
CVSS v3
6.5
MEDIUM
CVSS v2
3.3
LOW
Affected
2
PROJECTS

Description

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data.

espressif/esp-idf
espressif/esp-idf
Espressif IoT Development Framework. Official development framework for Espressif SoCs.
GitHubGitHub
18.2K
espressif/esp32-bt-lib
espressif/esp32-bt-lib
ESP32 Bluetooth stack (below HCI layer) precompiled libraries
GitHubGitHub
89