esp-idf/docs/en/security/vulnerabilities.rst

Vulnerabilities
===============

This page briefly lists all of the vulnerabilities that are discovered and fixed in each release. Please note that for the on-going issues or the issues under embargo period, the information on this page may reflect once the desired resolution has been achieved.


.. note::
   Please refer to ``latest`` version of this documentation guide for up-to-date information.

CVE-2024
--------

CVE-2024-30949
~~~~~~~~~~~~~~

RISC-V gettimeofday system call vulnerability in Newlib's

* Impact: ESP-IDF does not use system call implementations from Newlib
* Resolution: NA


CVE-2024-28183
~~~~~~~~~~~~~~

Bootloader TOCTOU Vulnerability in Anti-rollback Scheme

* Espressif Advisory: NA (Published on GitHub)
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details
* Advisory pointer: `GHSA-22x6-3756-pfp8`_


CVE-2023
--------

CVE-2023-35818
~~~~~~~~~~~~~~

Security Advisory Concerning Bypassing Secure Boot and Flash Encryption Using EMFI

* Espressif Advisory: `AR2023-005`_
* Impact: Applicable for ESP32 Chip Revision v3.0/v3.1
* Resolution: Please see advisory for details


CVE-2023-24023
~~~~~~~~~~~~~~

Security Advisory Concerning the Bluetooth BLUFFS Vulnerability

* Espressif Advisory: `AR2023-010`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details


CVE-2023-52160
~~~~~~~~~~~~~~

Security Advisory for PEAP Phase-2 Authentication

* Espressif Advisory: `AR2024-003`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details


CVE-2022
--------

CVE-2022-24893
~~~~~~~~~~~~~~

Espressif Bluetooth Mesh Stack Vulnerability

* Espressif Advisory: NA (Published on GitHub)
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details
* Advisory pointer: `GHSA-7f7f-jj2q-28wm`_


CVE-2021
--------

CVE-2021-32020
~~~~~~~~~~~~~~

Insufficient bounds checking during management of heap memory in FreeRTOS

* Impact: ESP-IDF uses its own heap allocator and hence not applicable
* Resolution: NA

CVE-2021-43997
~~~~~~~~~~~~~~

Privilege escalation issue in FreeRTOS ARMv7-M and ARMv8-M MPU ports

* Impact: Not applicable for Espressif chips
* Resolution: NA

CVE-2021-3420
~~~~~~~~~~~~~

Security Advisory on "BadAlloc" Vulnerabilities

* Espressif Advisory: `AR2021-005`_
* Impact: Not applicable for ESP-IDF
* Resolution: NA

CVE-2021-31571
~~~~~~~~~~~~~~

Security Advisory on "BadAlloc" Vulnerabilities

* Espressif Advisory: `AR2021-005`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details

CVE-2021-31572
~~~~~~~~~~~~~~

Security Advisory on "BadAlloc" Vulnerabilities

* Espressif Advisory: `AR2021-005`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details

CVE-2021-28139
~~~~~~~~~~~~~~

Security Advisory for Bluetooth Vulnerability

* Covers additional CVEs: CVE-2020-10135, CVE-2020-13595, CVE-2020-26555, CVE-2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560, CVE-2021-28135, CVE-2021-28136
* Espressif Advisory: `AR2021-004`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details


CVE-2020
--------

CVE-2020-22283
~~~~~~~~~~~~~~

Buffer overflow vulnerability in lwIP stack

* Espressif Advisory: NA
* Impact: Applicable for ESP-IDF
* Resolution: Fix cherry-picked and available in ESP-IDF >= v4.4.1

CVE-2020-22284
~~~~~~~~~~~~~~

Buffer overflow vulnerability in lwIP stack

* Espressif Advisory: NA
* Impact: Applicable for ESP-IDF
* Resolution: Fix cherry-picked and available in ESP-IDF >= v4.4.1

CVE-2020-26142
~~~~~~~~~~~~~~

Security Advisory for WLAN FragAttacks

* Espressif Advisory: `AR2023-008`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details

CVE-2020-12638
~~~~~~~~~~~~~~

Security Advisory Concerning Wi-Fi Authentication Bypass

* Espressif Advisory: `AR2020-002`_
* Impact: Applicable for ESP-IDF
* Resolution: Please see advisory for details


.. _`AR2020-002`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2020-002%20Security%20Advisory%20Concerning%20Wi-Fi%20Authentication%20Bypass%20V1.1%20EN.pdf
.. _`AR2021-004`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2021-004%20Bluetooth%20Security%20Advisory.pdf
.. _`AR2021-005`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2021-005%20Security%20Advisory%20on%20BadAlloc%20Vulnerabilities.pdf
.. _`AR2023-005`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-005%20Security%20Advisory%20Concerning%20Bypassing%20Secure%20Boot%20and%20Flash%20Encryption%20Using%20EMFI%20EN.pdf
.. _`AR2023-008`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-008%20Security%20Advisory%20for%20WLAN%20FragAttacks%20v1.1%20EN_0.pdf
.. _`AR2023-010`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-010%20Security%20Advisory%20Concerning%20the%20Bluetooth%20BLUFFS%20Vulnerability%20EN.pdf
.. _`AR2024-003`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2024-003%20Security%20Advisory%20for%20PEAP%20Phase-2%20authentication%20EN.pdf
.. _`GHSA-22x6-3756-pfp8` : https://github.com/espressif/esp-idf/security/advisories/GHSA-22x6-3756-pfp8
.. _`GHSA-7f7f-jj2q-28wm` : https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm
docs: add page to summarize the security vulnerabilities and advisories 2024-05-16 12:19:59 +05:30			`Vulnerabilities`
			`===============`

			`This page briefly lists all of the vulnerabilities that are discovered and fixed in each release. Please note that for the on-going issues or the issues under embargo period, the information on this page may reflect once the desired resolution has been achieved.`


			`.. note::`
			Please refer to ``latest`` version of this documentation guide for up-to-date information.

			`CVE-2024`
			`--------`

fix(newlib): sbom: add CVE-2024-30949 to cve-exclude-list 2024-09-06 18:27:09 +07:00			`CVE-2024-30949`
			`~~~~~~~~~~~~~~`

			`RISC-V gettimeofday system call vulnerability in Newlib's`

			`* Impact: ESP-IDF does not use system call implementations from Newlib`
			`* Resolution: NA`


docs: add page to summarize the security vulnerabilities and advisories 2024-05-16 12:19:59 +05:30			`CVE-2024-28183`
			`~~~~~~~~~~~~~~`

			`Bootloader TOCTOU Vulnerability in Anti-rollback Scheme`

			`* Espressif Advisory: NA (Published on GitHub)`
			`* Impact: Applicable for ESP-IDF`
			`* Resolution: Please see advisory for details`
			* Advisory pointer: `GHSA-22x6-3756-pfp8`_


			`CVE-2023`
			`--------`

			`CVE-2023-35818`
			`~~~~~~~~~~~~~~`

			`Security Advisory Concerning Bypassing Secure Boot and Flash Encryption Using EMFI`

			* Espressif Advisory: `AR2023-005`_
			`* Impact: Applicable for ESP32 Chip Revision v3.0/v3.1`
			`* Resolution: Please see advisory for details`


			`CVE-2023-24023`
			`~~~~~~~~~~~~~~`

			`Security Advisory Concerning the Bluetooth BLUFFS Vulnerability`

			* Espressif Advisory: `AR2023-010`_
			`* Impact: Applicable for ESP-IDF`
			`* Resolution: Please see advisory for details`

docs: Adds document for wifi PEAP phase 2 authentication security advisory. 2024-07-01 14:50:13 +05:30
			`CVE-2023-52160`
			`~~~~~~~~~~~~~~`

			`Security Advisory for PEAP Phase-2 Authentication`

			* Espressif Advisory: `AR2024-003`_
			`* Impact: Applicable for ESP-IDF`
			`* Resolution: Please see advisory for details`


docs: add page to summarize the security vulnerabilities and advisories 2024-05-16 12:19:59 +05:30			`CVE-2022`
			`--------`

			`CVE-2022-24893`
			`~~~~~~~~~~~~~~`

			`Espressif Bluetooth Mesh Stack Vulnerability`

			`* Espressif Advisory: NA (Published on GitHub)`
			`* Impact: Applicable for ESP-IDF`
			`* Resolution: Please see advisory for details`
			* Advisory pointer: `GHSA-7f7f-jj2q-28wm`_


			`CVE-2021`
			`--------`

			`CVE-2021-32020`
			`~~~~~~~~~~~~~~`

			`Insufficient bounds checking during management of heap memory in FreeRTOS`

			`* Impact: ESP-IDF uses its own heap allocator and hence not applicable`
			`* Resolution: NA`

			`CVE-2021-43997`
			`~~~~~~~~~~~~~~`

			`Privilege escalation issue in FreeRTOS ARMv7-M and ARMv8-M MPU ports`

			`* Impact: Not applicable for Espressif chips`
			`* Resolution: NA`

			`CVE-2021-3420`
			`~~~~~~~~~~~~~`

			`Security Advisory on "BadAlloc" Vulnerabilities`

			* Espressif Advisory: `AR2021-005`_
			`* Impact: Not applicable for ESP-IDF`
			`* Resolution: NA`

			`CVE-2021-31571`
			`~~~~~~~~~~~~~~`

			`Security Advisory on "BadAlloc" Vulnerabilities`

			* Espressif Advisory: `AR2021-005`_
			`* Impact: Applicable for ESP-IDF`
			`* Resolution: Please see advisory for details`

			`CVE-2021-31572`
			`~~~~~~~~~~~~~~`

			`Security Advisory on "BadAlloc" Vulnerabilities`

			* Espressif Advisory: `AR2021-005`_
			`* Impact: Applicable for ESP-IDF`
			`* Resolution: Please see advisory for details`

			`CVE-2021-28139`
			`~~~~~~~~~~~~~~`

			`Security Advisory for Bluetooth Vulnerability`

			`* Covers additional CVEs: CVE-2020-10135, CVE-2020-13595, CVE-2020-26555, CVE-2020-26556, CVE-2020-26557, CVE-2020-26558, CVE-2020-26559, CVE-2020-26560, CVE-2021-28135, CVE-2021-28136`
			* Espressif Advisory: `AR2021-004`_
			`* Impact: Applicable for ESP-IDF`
			`* Resolution: Please see advisory for details`


			`CVE-2020`
			`--------`

			`CVE-2020-22283`
			`~~~~~~~~~~~~~~`

			`Buffer overflow vulnerability in lwIP stack`

			`* Espressif Advisory: NA`
			`* Impact: Applicable for ESP-IDF`
			`* Resolution: Fix cherry-picked and available in ESP-IDF >= v4.4.1`

			`CVE-2020-22284`
			`~~~~~~~~~~~~~~`

			`Buffer overflow vulnerability in lwIP stack`

			`* Espressif Advisory: NA`
			`* Impact: Applicable for ESP-IDF`
			`* Resolution: Fix cherry-picked and available in ESP-IDF >= v4.4.1`

			`CVE-2020-26142`
			`~~~~~~~~~~~~~~`

			`Security Advisory for WLAN FragAttacks`

			* Espressif Advisory: `AR2023-008`_
			`* Impact: Applicable for ESP-IDF`
			`* Resolution: Please see advisory for details`

			`CVE-2020-12638`
			`~~~~~~~~~~~~~~`

			`Security Advisory Concerning Wi-Fi Authentication Bypass`

			* Espressif Advisory: `AR2020-002`_
			`* Impact: Applicable for ESP-IDF`
			`* Resolution: Please see advisory for details`


			.. _`AR2020-002`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2020-002%20Security%20Advisory%20Concerning%20Wi-Fi%20Authentication%20Bypass%20V1.1%20EN.pdf
			.. _`AR2021-004`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2021-004%20Bluetooth%20Security%20Advisory.pdf
			.. _`AR2021-005`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2021-005%20Security%20Advisory%20on%20BadAlloc%20Vulnerabilities.pdf
			.. _`AR2023-005`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-005%20Security%20Advisory%20Concerning%20Bypassing%20Secure%20Boot%20and%20Flash%20Encryption%20Using%20EMFI%20EN.pdf
			.. _`AR2023-008`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-008%20Security%20Advisory%20for%20WLAN%20FragAttacks%20v1.1%20EN_0.pdf
			.. _`AR2023-010`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-010%20Security%20Advisory%20Concerning%20the%20Bluetooth%20BLUFFS%20Vulnerability%20EN.pdf
docs: Adds document for wifi PEAP phase 2 authentication security advisory. 2024-07-01 14:50:13 +05:30			.. _`AR2024-003`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2024-003%20Security%20Advisory%20for%20PEAP%20Phase-2%20authentication%20EN.pdf
docs: add page to summarize the security vulnerabilities and advisories 2024-05-16 12:19:59 +05:30			.. _`GHSA-22x6-3756-pfp8` : https://github.com/espressif/esp-idf/security/advisories/GHSA-22x6-3756-pfp8
			.. _`GHSA-7f7f-jj2q-28wm` : https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm