CVE-2023-46894: esptool allows attackers to view sensitive information via weak cryptographic algorithm

November 9, 2023 (updated November 15, 2023)

An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.

References

github.com/advisories/GHSA-3f38-96qm-r3fw
github.com/espressif/esptool/issues/926
nvd.nist.gov/vuln/detail/CVE-2023-46894

Detect and mitigate CVE-2023-46894 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →