Silabs Gecko_software_development_kit
30 CVEs affecting Silabs Gecko_software_development_kit. Latest disclosed: 2024-02-21. Critical: 9, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-45318 | Critical | 10.0 | 2024-02-20 | A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network p… |
| CVE-2023-2686 | Critical | 9.8 | 2023-06-15 | Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. |
| CVE-2023-4280 | Critical | 9.3 | 2024-01-02 | An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory… |
| CVE-2023-4020 | Critical | 9.0 | 2023-12-15 | An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows r… |
| CVE-2023-31247 | Critical | 9.0 | 2023-11-14 | A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network… |
| CVE-2023-28391 | Critical | 9.0 | 2023-11-14 | A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets… |
| CVE-2023-28379 | Critical | 9.0 | 2023-11-14 | A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet… |
| CVE-2023-27882 | Critical | 9.0 | 2023-11-14 | A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted netwo… |
| CVE-2023-25181 | Critical | 9.0 | 2023-11-14 | A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network pack… |
| CVE-2023-24585 | High | 7.7 | 2023-11-14 | An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead t… |
| CVE-2023-6874 | High | 7.5 | 2024-02-05 | Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number |
| CVE-2023-6387 | High | 7.5 | 2024-02-02 | A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execu… |
| CVE-2024-22473 | Medium | 6.8 | 2024-02-21 | TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing… |
| CVE-2023-5138 | Medium | 6.8 | 2024-01-03 | Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. |
| CVE-2024-0240 | Medium | 6.5 | 2024-02-15 | A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this res… |
| CVE-2023-0775 | Medium | 6.5 | 2023-03-28 | An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests… |
| CVE-2023-3024 | Medium | 5.9 | 2023-09-29 | Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. |
| CVE-2022-24939 | Medium | 5.7 | 2022-11-18 | A malformed packet containing an invalid destination address causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset… |
| CVE-2023-32100 | Medium | 5.3 | 2023-05-18 | Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication… |
| CVE-2023-32099 | Medium | 5.3 | 2023-05-18 | Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to R… |