CVE-2023-46894 – esptool

Package

Manager: pip
Name: esptool
Vulnerable Version: >=0 <=4.6.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0008 pctl0.2447

Details

esptool allows attackers to view sensitive information via weak cryptographic algorithm An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.

Metadata

Created: 2023-11-09T18:34:55Z
Modified: 2023-11-15T18:21:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-3f38-96qm-r3fw/GHSA-3f38-96qm-r3fw.json
CWE IDs: ["CWE-326"]
Alternative ID: GHSA-3f38-96qm-r3fw
Finding: F052
Auto approve: 1