ESP-IDF update for ESP-32 to protect against Braktooth

cesanta / mongoose-os

Mongoose OS - an IoT Firmware Development Framework. Supported microcontrollers: ESP32, ESP8266, CC3220, CC3200, STM32F4, STM32L4, STM32F7. Amazon AWS IoT, Microsoft Azure, Google IoT Core integrated. Code in C or JavaScript.

https://mongoose-os.com

Other

2.48k stars 430 forks source link

ESP-IDF update for ESP-32 to protect against Braktooth #580

Closed adamrhass closed 2 years ago

adamrhass commented 2 years ago

As noted here (https://asset-group.github.io/disclosures/braktooth/), there are security issues that need to be fixed with an ESP-IDF update because of the Braktooth vulnerabilities. Since mongoose sits on top of the ESP-IDF, I assume this update needs to come from mongoose. It looks like the current version is on 4.2r-1 which I believe was released 9 months ago. I am not an expert on this subject. I just want to make sure our devices stay secure. I also noticed this issue by @rojer #565 .

rojer commented 2 years ago

updated to the tip of upstream 4.2