Description
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://github.com/espressif/esp-idf
Third Party Advisory x_refsource_misc
https://github.com/espressif/esp32-bt-lib
Product x_refsource_misc
https://www.espressif.com/en/products/socs/esp32
Broken Link x_refsource_misc
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
Scores
CVSS v3
6.5
EPSS
0.0028
EPSS Percentile
51.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (1)
espressif/esp-idf
< 4.4
Published
Sep 07, 2021
Tracked Since
Feb 18, 2026