Details of VAR-202109-0564

ID

VAR-202109-0564

CVE

CVE-2021-28136

TITLE

Espressif ESP-IDF Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011308

DESCRIPTION

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet. Espressif ESP-IDF Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Espressif ESP-IDF is a development framework for the Internet of Things developed by Espressif. There is a buffer error vulnerability in Espressif ESP-IDF, which originates from the Bluetooth classic implementation in Espressif ESP-IDF 4.4 and earlier versions

Trust: 2.79

sources: NVD: CVE-2021-28136 // JVNDB: JVNDB-2021-011308 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-166 // VULMON: CVE-2021-28136

IOT TAXONOMY

category:	['network device', 'embedded device']	sub_category:	SoC	Trust: 0.1
category:	['network device', 'embedded device']	sub_category:	bluetooth device	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	espressif	model:	esp-idf	scope:	lte	version:	4.4	Trust: 1.0
vendor:	espressif	model:	esp-idf	scope:	lte	version:	4.4 and earlier	Trust: 0.8
vendor:	espressif	model:	esp-idf	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-011308 // NVD: CVE-2021-28136

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-28136
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-28136
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-166
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-28136
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-28136
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-28136
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-28136
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-28136 // JVNDB: JVNDB-2021-011308 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-166 // NVD: CVE-2021-28136

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-011308 // NVD: CVE-2021-28136

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202109-166

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

ESP32 BT/BLE Stack Libraries

url:

https://www.espressif.com/en/products/socs/esp32

Trust: 0.8

sources: JVNDB: JVNDB-2021-011308

EXTERNAL IDS

db:	NVD	id:	CVE-2021-28136	Trust: 3.5
db:	JVNDB	id:	JVNDB-2021-011308	Trust: 0.8
db:	PACKETSTORM	id:	164037	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021090604	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-166	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2021-28136	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-28136 // JVNDB: JVNDB-2021-011308 // PACKETSTORM: 164037 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-166 // NVD: CVE-2021-28136

REFERENCES

url:	https://dl.packetstormsecurity.net/papers/general/braktooth.pdf	Trust: 2.5
url:	https://github.com/espressif/esp32-bt-lib	Trust: 1.7
url:	https://www.espressif.com/en/products/socs/esp32	Trust: 1.7
url:	https://github.com/espressif/esp-idf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28136	Trust: 1.5
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://packetstormsecurity.com/files/164037/braktooth-causing-havoc-on-bluetooth-link-manager.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/bluetooth-implementations-multiple-vulnerabilities-via-braktooth-36316	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021090604	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31609	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31786	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28155	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34145	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28135	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34150	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34149	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34148	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28139	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34143	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31610	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31613	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31612	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31717	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34144	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34147	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31785	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34146	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31611	Trust: 0.1

CREDITS

Vaibhav Bedi, Matheus E. Garbelini, Ernest Kurniawan, Sudipta Chattopadhyay, Sumei Sun

Trust: 0.1

sources: PACKETSTORM: 164037

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2021-28136
db:	JVNDB	id:	JVNDB-2021-011308
db:	PACKETSTORM	id:	164037
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-166
db:	NVD	id:	CVE-2021-28136

LAST UPDATE DATE

2025-01-30T20:47:24.127000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-28136	date:	2021-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-011308	date:	2022-07-26T07:46:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-166	date:	2021-09-14T00:00:00
db:	NVD	id:	CVE-2021-28136	date:	2021-09-09T23:32:23.887

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-28136	date:	2021-09-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-011308	date:	2022-07-26T00:00:00
db:	PACKETSTORM	id:	164037	date:	2021-09-03T15:17:20
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-166	date:	2021-09-03T00:00:00
db:	NVD	id:	CVE-2021-28136	date:	2021-09-07T06:15:07.330