From acdab884788ae0f5dec43784ff50988131e41e73 Mon Sep 17 00:00:00 2001
From: sampion88
Date: Fri, 24 Jan 2025 11:57:23 +0100
Subject: [PATCH 1/2] new vulnerability in espressif.esp-idf
---
input/new.json | 33 +++++++++++++++++++++------------
1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/input/new.json b/input/new.json
index 87646b9..67e0d2a 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,15 +1,24 @@
 {
- "package_name": "",
- "patch_versions": [],
- "vulnerable_ranges": [],
- "cwe": [],
- "tldr": "",
- "doest_this_affect_me": "",
- "how_to_fix": "",
- "vulnerable_to": "",
+ "package_name": "espressif.esp-idf",
+ "patch_versions": [
+ "5.0.8"
+ ],
+ "vulnerable_ranges": [
+ [
+ "4.1-beta1",
+ "5.0.7"
+ ]
+ ],
+ "cwe": [
+ "CWE-284"
+ ],
+ "tldr": "A vulnerability exists in the Wifi component in the `hostapd` and `wpa_supplicant` implementations of SAE (Simultaneous Authentication of Equals) with the hash-to-element (H2E) option. This flaw allows an attacker to modify SAE commit messages, bypassing downgrade protection for group negotiation in certain scenarios. \n\nThe issue arises when both the access point (AP) and station (STA) use SAE H2E and support multiple groups. The attacker can exploit this to force the negotiation of a weaker group, compromising the security of the connection. However, the vulnerability does not affect the default configuration since:\n1. The H2E option is not enabled by default.\n2. The default SAE group configuration in `hostapd` typically enables only one group, which prevents this attack.\n\nThis vulnerability is only applicable if the H2E option is enabled and `hostapd` is explicitly configured to support multiple groups.",
+ "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+ "how_to_fix": "Upgrade the `espressif.esp-idf` library to the patch version.",
+ "vulnerable_to": "Improper Access Control",
 "related_cve_id": "",
- "language": "",
- "severity_class": "",
- "aikido_score": 0,
- "changelog": ""
+ "language": "c++",
+ "severity_class": "MEDIUM",
+ "aikido_score": 50,
+ "changelog": "https://github.com/espressif/esp-idf/releases/tag/v5.0.8"
 }
From 86e15897268de0a64d9dd3d954424abb9827d244 Mon Sep 17 00:00:00 2001
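Review bot: The `doest_this_affect_me` value says anyone on a version inside the vulnerable range is affected, but the `tldr` a few lines above states the default configuration is not affected because H2E is off by default and `hostapd` normally enables a single SAE group; the affects-me field should carry that precondition, e.g. `"doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range and have SAE H2E enabled with more than one SAE group configured in hostapd."`. `related_cve_id` is left as `""` although the entry is specific enough to map to an upstream advisory; if a CVE identifier is known it belongs there (`"related_cve_id": "CVE-YYYY-NNNNN"` as a placeholder for the real value). The `cwe` entry CWE-284 is broad for what the text describes as a group-negotiation downgrade; CWE-757 (selection of a less-secure algorithm during negotiation) may be the closer match and is worth checking against the upstream classification. The same content is copied verbatim into vulnerabilities/AIKIDO-2025-10039.json in the second patch, so any correction should be applied there as well.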
From: "github-actions[bot]"
Date: Fri, 24 Jan 2025 15:43:11 +0000
Subject: [PATCH 2/2] Move new vulnerability to vulnerabilities/AIKIDO-2025-10039.json and reset new.json template
---
input/new.json | 33 ++++++++++----------------
vulnerabilities/AIKIDO-2025-10039.json | 26 ++++++++++++++++++++
2 files changed, 38 insertions(+), 21 deletions(-)
create mode 100644 vulnerabilities/AIKIDO-2025-10039.json
diff --git a/input/new.json b/input/new.json
index 67e0d2a..87646b9 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,24 +1,15 @@
 {
- "package_name": "espressif.esp-idf",
- "patch_versions": [
- "5.0.8"
- ],
- "vulnerable_ranges": [
- [
- "4.1-beta1",
- "5.0.7"
- ]
- ],
- "cwe": [
- "CWE-284"
- ],
- "tldr": "A vulnerability exists in the Wifi component in the `hostapd` and `wpa_supplicant` implementations of SAE (Simultaneous Authentication of Equals) with the hash-to-element (H2E) option. This flaw allows an attacker to modify SAE commit messages, bypassing downgrade protection for group negotiation in certain scenarios. \n\nThe issue arises when both the access point (AP) and station (STA) use SAE H2E and support multiple groups. The attacker can exploit this to force the negotiation of a weaker group, compromising the security of the connection. However, the vulnerability does not affect the default configuration since:\n1. The H2E option is not enabled by default.\n2. The default SAE group configuration in `hostapd` typically enables only one group, which prevents this attack.\n\nThis vulnerability is only applicable if the H2E option is enabled and `hostapd` is explicitly configured to support multiple groups.",
- "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
- "how_to_fix": "Upgrade the `espressif.esp-idf` library to the patch version.",
- "vulnerable_to": "Improper Access Control",
+ "package_name": "",
+ "patch_versions": [],
+ "vulnerable_ranges": [],
+ "cwe": [],
+ "tldr": "",
+ "doest_this_affect_me": "",
+ "how_to_fix": "",
+ "vulnerable_to": "",
 "related_cve_id": "",
- "language": "c++",
- "severity_class": "MEDIUM",
- "aikido_score": 50,
- "changelog": "https://github.com/espressif/esp-idf/releases/tag/v5.0.8"
+ "language": "",
+ "severity_class": "",
+ "aikido_score": 0,
+ "changelog": ""
 }
diff --git a/vulnerabilities/AIKIDO-2025-10039.json b/vulnerabilities/AIKIDO-2025-10039.json
new file mode 100644
index 0000000..642783c
--- /dev/null
+++ b/vulnerabilities/AIKIDO-2025-10039.json
@@ -0,0 +1,26 @@
+{
+ "package_name": "espressif.esp-idf",
+ "patch_versions": [
+ "5.0.8"
+ ],
+ "vulnerable_ranges": [
+ [
+ "4.1-beta1",
+ "5.0.7"
+ ]
+ ],
+ "cwe": [
+ "CWE-284"
+ ],
+ "tldr": "A vulnerability exists in the Wifi component in the `hostapd` and `wpa_supplicant` implementations of SAE (Simultaneous Authentication of Equals) with the hash-to-element (H2E) option. This flaw allows an attacker to modify SAE commit messages, bypassing downgrade protection for group negotiation in certain scenarios. \n\nThe issue arises when both the access point (AP) and station (STA) use SAE H2E and support multiple groups. The attacker can exploit this to force the negotiation of a weaker group, compromising the security of the connection. However, the vulnerability does not affect the default configuration since:\n1. The H2E option is not enabled by default.\n2. The default SAE group configuration in `hostapd` typically enables only one group, which prevents this attack.\n\nThis vulnerability is only applicable if the H2E option is enabled and `hostapd` is explicitly configured to support multiple groups.",
+ "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+ "how_to_fix": "Upgrade the `espressif.esp-idf` library to the patch version.",
+ "vulnerable_to": "Improper Access Control",
+ "related_cve_id": "",
+ "language": "c++",
+ "severity_class": "MEDIUM",
+ "aikido_score": 50,
+ "changelog": "https://github.com/espressif/esp-idf/releases/tag/v5.0.8",
+ "last_modified": "2025-01-24",
+ "published": "2025-01-24"
+}