Main Vulnerability Database SB2019091004

SB2019091004 - Denial of Service in Espressif ESP8266_NONOS_SDK

Published: September 10, 2019

Security Bulletin ID SB2019091004

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-12588)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of the RSN AuthKey suite list count in beacon frames, probe responses, and association responses by the client 802.11 mac implementation. A local attacker in radio range can send a specially crafted message and crash the application.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://github.com/espressif
https://github.com/Matheus-Garbelini/esp32_esp8266_attacks
https://matheus-garbelini.github.io/home/post/esp8266-beacon-frame-crash/