What is CVE-2024-4013?

CVE-2024-4013 is a medium-severity vulnerability in Silabs.com Gecko Sdk, classified under Improper Resource Shutdown or Release. CVSS score: 5.6/10. Published 2024-06-06.

How severe is CVE-2024-4013?

Medium severity. CVSS v3 base score is 5.6 out of 10.

Vulnerability in Silabs.com Gecko Sdk

CVE-2024-4013

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the…

EPSS: 0.002 (38.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.6 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Silabs.com Gecko Sdk — versions 3.1.0

Weakness classification (CWE)

CWE-404 — Improper Resource Shutdown or Release

References

community.silabs.com/068Vm000006rR53 (vendor-advisory, permissions-required)
github.com/SiliconLabs/gecko_sdk/releases (product)

Frequently asked questions

What is CVE-2024-4013?: CVE-2024-4013 is a medium-severity vulnerability in Silabs.com Gecko Sdk, classified under Improper Resource Shutdown or Release. CVSS score: 5.6/10. Published 2024-06-06.
How severe is CVE-2024-4013?: Medium severity. CVSS v3 base score is 5.6 out of 10.