PT-2019-12877 · Espressif · Esp8266 Nonos Sdk

Published 2019-09-04 · Updated 2019-10-24 · CVE-2019-12588

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Espressif ESP8266 NONOS SDK versions 2.2.0 through 3.1.0

Description

The issue is in the client 802.11 MAC implementation, which does not correctly validate the RSN AuthKey suite list count in certain frames. An attacker within radio range can send a crafted message that crashes the device, causing a denial of service.

Recommendations

For Espressif ESP8266 NONOS SDK versions 2.2.0 through 3.1.0, consider applying a patch or update that fixes the validation of the RSN AuthKey suite list count in beacon frames, probe responses, and association responses to prevent denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
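
The kind of count validation the recommendation describes, as an added example (not Espressif's code or patch): a parser for the body of an 802.11 RSN element that checks each suite count against both a fixed table size and the bytes actually left in the frame. It reads the page's "AuthKey suite list count" as the AKM suite count field of the RSN element; the names rsn_parse, rsn_info and RSN_MAX_SUITES are hypothetical, and the parser is stricter than the standard in requiring the group, pairwise and AKM fields to be present.

```c
#include <stddef.h>
#include <stdint.h>

#define RSN_MAX_SUITES 8 /* assumed local cap, not an SDK value */
enum { RSN_OK = 0, RSN_TRUNCATED = -1, RSN_BAD_COUNT = -2 };

struct rsn_info {
    uint16_t version, pairwise_count, akm_count;
    uint32_t group, pairwise[RSN_MAX_SUITES], akm[RSN_MAX_SUITES];
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { /* OUI + suite type, wire order */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Read a 2-octet count, then that many 4-octet suite selectors. */
static int read_suites(const uint8_t *b, size_t len, size_t *off,
                       uint16_t *count, uint32_t *out)
{
    if (len - *off < 2) return RSN_TRUNCATED;
    uint16_t n = rd16(b + *off);
    *off += 2;
    if (n == 0 || n > RSN_MAX_SUITES) return RSN_BAD_COUNT; /* bound the table */
    if ((len - *off) / 4 < n) return RSN_TRUNCATED;         /* bound the frame */
    for (uint16_t i = 0; i < n; i++, *off += 4) out[i] = rd32(b + *off);
    *count = n; /* only published after every check has passed */
    return RSN_OK;
}

/* body/len: RSN element body, after the element ID and length octets. */
int rsn_parse(const uint8_t *body, size_t len, struct rsn_info *out)
{
    size_t off = 6; /* version (2) + group cipher suite (4) */
    int rc;
    *out = (struct rsn_info){0};
    if (len < off) return RSN_TRUNCATED;
    out->version = rd16(body);
    out->group = rd32(body + 2);
    rc = read_suites(body, len, &off, &out->pairwise_count, out->pairwise);
    if (rc != RSN_OK) return rc;
    return read_suites(body, len, &off, &out->akm_count, out->akm);
}

/* Constructed samples: a WPA2-PSK body, and the same body claiming 255 AKM suites. */
static const uint8_t rsn_good[] = {1, 0, 0x00, 0x0f, 0xac, 4, 1, 0, 0x00, 0x0f, 0xac, 4,
                                   1, 0, 0x00, 0x0f, 0xac, 2, 0, 0};
static const uint8_t rsn_bad_akm[] = {1, 0, 0x00, 0x0f, 0xac, 4, 1, 0, 0x00, 0x0f, 0xac, 4,
                                      0xff, 0, 0x00, 0x0f, 0xac, 2};
```

A caller would drop or ignore the element on any non-zero return, for every frame type that can carry it.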

Exploit

RCE


Weakness Enumeration

Related Identifiers

CVE-2019-12588

Affected Products

Esp8266 Nonos Sdk