Filtered by vendor Silabs
Subscribe
Total
63 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-41093 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-09-10 | N/A | 3.1 LOW |
Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0. | |||||
CVE-2023-6387 | 1 Silabs | 1 Gecko Software Development Kit | 2024-02-28 | N/A | 7.5 HIGH |
A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution | |||||
CVE-2023-5310 | 1 Silabs | 3 Z-wave Long Range 700, Z-wave Long Range 800, Z-wave Software Development Kit | 2024-02-28 | N/A | 6.5 MEDIUM |
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device. | |||||
CVE-2023-27882 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-02-28 | N/A | 9.8 CRITICAL |
A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2023-31247 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-02-28 | N/A | 9.8 CRITICAL |
A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2023-24585 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-02-28 | N/A | 9.8 CRITICAL |
An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | |||||
CVE-2023-6874 | 1 Silabs | 1 Gecko Software Development Kit | 2024-02-28 | N/A | 7.5 HIGH |
Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number | |||||
CVE-2023-4280 | 1 Silabs | 1 Gecko Software Development Kit | 2024-02-28 | N/A | 9.8 CRITICAL |
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | |||||
CVE-2023-4020 | 1 Silabs | 1 Gecko Software Development Kit | 2024-02-28 | N/A | 9.1 CRITICAL |
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. | |||||
CVE-2023-4489 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-02-28 | N/A | 9.8 CRITICAL |
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. | |||||
CVE-2023-28379 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-02-28 | N/A | 9.8 CRITICAL |
A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2023-25181 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-02-28 | N/A | 9.8 CRITICAL |
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2023-28391 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-02-28 | N/A | 9.8 CRITICAL |
A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2023-5138 | 1 Silabs | 1 Gecko Software Development Kit | 2024-02-28 | N/A | 6.8 MEDIUM |
Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. | |||||
CVE-2023-41097 | 1 Silabs | 1 Gecko Software Development Kit | 2024-02-28 | N/A | 7.5 HIGH |
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. | |||||
CVE-2023-41095 | 1 Silabs | 1 Openthread Sdk | 2024-02-28 | N/A | 9.1 CRITICAL |
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier. | |||||
CVE-2020-27630 | 1 Silabs | 1 Uc\/tcp-ip | 2024-02-28 | N/A | 9.8 CRITICAL |
In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | |||||
CVE-2023-41094 | 1 Silabs | 1 Emberznet | 2024-02-28 | N/A | 9.8 CRITICAL |
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected | |||||
CVE-2023-41096 | 1 Silabs | 1 Emberznet Sdk | 2024-02-28 | N/A | 6.1 MEDIUM |
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier. | |||||
CVE-2023-4041 | 1 Silabs | 1 Gecko Bootloader | 2024-02-28 | N/A | 9.8 CRITICAL |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader. |