new vulnerability in espressif.esp-idf #90

Closed
wants to merge 3 commits into from
38 changes: 11 additions & 27 deletions vulnerabilities/AIKIDO-2025-10039.json
@@ -1,42 +1,26 @@
{
"package_name": "johnpbloch/wordpress-core",
"package_name": "espressif.esp-idf",
"patch_versions": [
"5.9.7",
"6.0.5",
"6.1.3",
"6.2.2"
"5.0.8"
],
"vulnerable_ranges": [
[
"5.9.0",
"5.9.6"
],
[
"6.0.0",
"6.0.4"
],
[
"6.1.0",
"6.1.2"
],
[
"6.2.0",
"6.2.1"
"4.1-beta1",
"5.0.7"
]
],
"cwe": [
"CWE-349"
"CWE-284"
],
"tldr": "Affected versions of this package are vulnerable to the acceptance of extraneous untrusted data alongside trusted data during the processing of shortcodes in user-generated content. This flaw allows an attacker to inject and manipulate content by submitting crafted comments or other forms of input. Exploiting this vulnerability can alter content display or functionality, potentially misleading users, disrupting application behavior, or introducing malicious elements.",
"tldr": "A vulnerability exists in the Wifi component in the `hostapd` and `wpa_supplicant` implementations of SAE (Simultaneous Authentication of Equals) with the hash-to-element (H2E) option. This flaw allows an attacker to modify SAE commit messages, bypassing downgrade protection for group negotiation in certain scenarios. \n\nThe issue arises when both the access point (AP) and station (STA) use SAE H2E and support multiple groups. The attacker can exploit this to force the negotiation of a weaker group, compromising the security of the connection. However, the vulnerability does not affect the default configuration since:\n1. The H2E option is not enabled by default.\n2. The default SAE group configuration in `hostapd` typically enables only one group, which prevents this attack.\n\nThis vulnerability is only applicable if the H2E option is enabled and `hostapd` is explicitly configured to support multiple groups.",
"doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
"how_to_fix": "Upgrade the `johnpbloch/wordpress-core` library to a patch version.",
"reporter": "",
"vulnerable_to": "Acceptance of Extraneous Untrusted Data With Trusted Data",
"how_to_fix": "Upgrade the `espressif.esp-idf` library to the patch version.",
"vulnerable_to": "Improper Access Control",
"related_cve_id": "",
"language": "PHP",
"language": "c++",
"severity_class": "MEDIUM",
"aikido_score": 69,
"changelog": "https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/",
"aikido_score": 50,
"changelog": "https://github.com/espressif/esp-idf/releases/tag/v5.0.8",
"last_modified": "2025-01-24",
"published": "2025-01-24"
}
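Review bot: The existing `johnpbloch/wordpress-core` record in vulnerabilities/AIKIDO-2025-10039.json is overwritten in place: package_name, patch_versions, vulnerable_ranges, cwe, tldr and changelog all change under the same advisory ID. Merging this would drop the WordPress shortcode advisory, so the espressif.esp-idf entry should go in a new file under its own AIKIDO ID. Within the new entry, the "reporter" key is removed with no replacement, so the record no longer carries the same fields as the one it replaces. The "published" and "last_modified" values are the unchanged 2025-01-24 dates of the old record and should be confirmed for the new one. "doest_this_affect_me" mentions only the version range, although the tldr says the issue applies only when SAE H2E is enabled and `hostapd` is configured with multiple groups; that precondition belongs in this field as well. CWE-284 is a broad label for what the tldr describes as a bypass of downgrade protection in group negotiation; CWE-757 (Selection of Less-Secure Algorithm During Negotiation) may be a closer fit.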