CVE-2022-24893

Source
https://cve.org/CVERecord?id=CVE-2022-24893
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24893.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-24893
Aliases
  • GHSA-7f7f-jj2q-28wm
Published
2022-06-25T06:55:09Z
Modified
2026-07-08T05:57:50.557263871Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption
Details

ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (ESP-BLE-MESH), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of ESP-BLE-MESH component from ESP-IDF. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24893.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-787",
        "CWE-788"
    ]
}
References

Affected packages

Git / github.com/espressif/esp-idf

Affected ranges

Type
GIT
Repo
https://github.com/espressif/esp-idf
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.1.4"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.4"
        },
        {
            "introduced": "4.3.2"
        },
        {
            "fixed": "4.3.3"
        },
        {
            "introduced": "4.4.1"
        },
        {
            "fixed": "4.4.2"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

4.*
4.1.3
4.2.3
4.3.2
4.4.1
v0.*
v0.9
v1.*
v1.0
v2.*
v2.0-rc1
v2.1-rc1
v3.*
v3.0-dev
v3.1-beta1
v3.1-dev
v3.2-beta1
v3.2-dev
v3.3-beta1
v3.3-beta2
v3.3-dev
v4.*
v4.0-dev
v4.1
v4.1-beta1
v4.1-beta2
v4.1-dev
v4.1-rc
v4.2
v4.2-beta1
v4.2-dev
v4.2-rc
v4.3-beta1
v4.3-beta2
v4.3-beta3
v4.3-dev
v4.3-rc
v4.4-beta1
v4.4-rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24893.json"