Filtered by vendor Silabs Subscriptions
Total 69 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-45318 2 Silabs, Weston-embedded 2 Gecko Platform, Uc-http 2024-11-21 10 Critical
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2023-41097 1 Silabs 1 Gecko Software Development Kit 2024-11-21 4.6 Medium
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.
CVE-2023-41096 1 Silabs 1 Emberznet Sdk 2024-11-21 6.8 Medium
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.
CVE-2023-41095 1 Silabs 1 Openthread Sdk 2024-11-21 6.8 Medium
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.
CVE-2023-41094 1 Silabs 1 Emberznet 2024-11-21 10 Critical
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected
CVE-2023-41093 1 Silabs 1 Bluetooth Low Energy Software Development Kit 2024-11-21 3.1 Low
Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0.
CVE-2023-3488 1 Silabs 1 Gecko Software Development Kit 2024-11-21 3.8 Low
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.
CVE-2023-3487 1 Silabs 1 Gecko Bootloader 2024-11-21 7.7 High
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.
CVE-2023-3024 2 Qualcomm, Silabs 9 Aqt1000, Csrb31024, Wcd9370 and 6 more 2024-11-21 5.9 Medium
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
CVE-2023-32100 1 Silabs 1 Gecko Software Development Kit 2024-11-21 5.3 Medium
Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-32099 1 Silabs 1 Gecko Software Development Kit 2024-11-21 5.3 Medium
Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-32098 1 Silabs 1 Gecko Software Development Kit 2024-11-21 5.3 Medium
Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-32097 1 Silabs 1 Gecko Software Development Kit 2024-11-21 3.1 Low
Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-32096 1 Silabs 1 Gecko Software Development Kit 2024-11-21 3.1 Low
Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-31247 2 Silabs, Weston-embedded 3 Gecko Software Development Kit, Cesium Net, Uc-http 2024-11-21 9 Critical
A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2023-2687 1 Silabs 1 Gecko Software Development Kit 2024-11-21 2.9 Low
Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.
CVE-2023-2481 1 Silabs 1 Gecko Software Development Kit 2024-11-21 5.3 Medium
Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-28391 2 Silabs, Weston-embedded 4 Gecko Platform, Gecko Software Development Kit, Cesium Net and 1 more 2024-11-21 9 Critical
A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2023-28379 2 Silabs, Weston-embedded 3 Gecko Software Development Kit, Cesium Net, Uc-http 2024-11-21 9 Critical
A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2023-27882 2 Silabs, Weston-embedded 3 Gecko Software Development Kit, Cesium Net, Uc-http 2024-11-21 9 Critical
A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.