CVE-2023-41097

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0.
Configurations

Configuration 1

cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*

History

25 Sep 2024, 17:15

Type Values Removed Values Added
Summary (en) An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0. (en) An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0.
CWE CWE-385 CWE-327

03 Jan 2024, 17:22

Type Values Removed Values Added
CPE cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*
CWE CWE-203
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000007rArIAI?operationContext=S1 - () https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000007rArIAI?operationContext=S1 - Permissions Required
References () https://github.com/SiliconLabs/gecko_sdk/releases - () https://github.com/SiliconLabs/gecko_sdk/releases - Release Notes
First Time Silabs gecko Software Development Kit
Silabs

21 Dec 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-21 21:15

Updated : 2024-09-25 17:15


NVD link : CVE-2023-41097

Mitre link : CVE-2023-41097

CVE.ORG link : CVE-2023-41097


Products Affected

silabs

  • gecko_software_development_kit
CWE
CWE-203

Observable Discrepancy

CWE-208

Observable Timing Discrepancy

CWE-327

Use of a Broken or Risky Cryptographic Algorithm