Filtered by vendor Silabs
Subscriptions
Total
69 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-45318 | 2 Silabs, Weston-embedded | 2 Gecko Platform, Uc-http | 2024-11-21 | 10 Critical |
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
CVE-2023-41097 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 4.6 Medium |
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. | ||||
CVE-2023-41096 | 1 Silabs | 1 Emberznet Sdk | 2024-11-21 | 6.8 Medium |
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier. | ||||
CVE-2023-41095 | 1 Silabs | 1 Openthread Sdk | 2024-11-21 | 6.8 Medium |
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier. | ||||
CVE-2023-41094 | 1 Silabs | 1 Emberznet | 2024-11-21 | 10 Critical |
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected | ||||
CVE-2023-41093 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-11-21 | 3.1 Low |
Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0. | ||||
CVE-2023-3488 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 3.8 Low |
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. | ||||
CVE-2023-3487 | 1 Silabs | 1 Gecko Bootloader | 2024-11-21 | 7.7 High |
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. | ||||
CVE-2023-3024 | 2 Qualcomm, Silabs | 9 Aqt1000, Csrb31024, Wcd9370 and 6 more | 2024-11-21 | 5.9 Medium |
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. | ||||
CVE-2023-32100 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 5.3 Medium |
Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
CVE-2023-32099 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 5.3 Medium |
Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
CVE-2023-32098 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 5.3 Medium |
Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
CVE-2023-32097 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 3.1 Low |
Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
CVE-2023-32096 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 3.1 Low |
Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
CVE-2023-31247 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | 9 Critical |
A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
CVE-2023-2687 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 2.9 Low |
Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. | ||||
CVE-2023-2481 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 5.3 Medium |
Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
CVE-2023-28391 | 2 Silabs, Weston-embedded | 4 Gecko Platform, Gecko Software Development Kit, Cesium Net and 1 more | 2024-11-21 | 9 Critical |
A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
CVE-2023-28379 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | 9 Critical |
A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
CVE-2023-27882 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | 9 Critical |
A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. |