Filtered by vendor Silabs
Subscriptions
Total
69 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-2686 | 1 Silabs | 1 Gecko Software Development Kit | 2024-12-12 | 9.8 Critical |
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. | ||||
CVE-2023-2683 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-12-12 | 5.3 Medium |
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. | ||||
CVE-2023-2747 | 1 Silabs | 1 Gecko Software Development Kit | 2024-12-11 | 3.1 Low |
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. | ||||
CVE-2023-3110 | 1 Silabs | 1 Unify Software Development Kit | 2024-12-09 | 9.6 Critical |
Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | ||||
CVE-2023-0969 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-12-06 | 3.5 Low |
A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. | ||||
CVE-2023-0970 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-12-06 | 7.1 High |
Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code. | ||||
CVE-2023-0971 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-12-06 | 9.6 Critical |
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. | ||||
CVE-2023-0972 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-12-06 | 9.6 Critical |
Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | ||||
CVE-2024-3052 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-11-21 | 7.5 High |
Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. | ||||
CVE-2024-3051 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-11-21 | 7.5 High |
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. | ||||
CVE-2023-6874 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 7.5 High |
Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number | ||||
CVE-2023-6387 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 7.5 High |
A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution | ||||
CVE-2023-5310 | 1 Silabs | 3 Z-wave Long Range 700, Z-wave Long Range 800, Z-wave Software Development Kit | 2024-11-21 | 5.7 Medium |
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device. | ||||
CVE-2023-5138 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 6.8 Medium |
Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. | ||||
CVE-2023-51395 | 1 Silabs | 1 Z-wave Software Development Kit | 2024-11-21 | 8.8 High |
The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | ||||
CVE-2023-51393 | 1 Silabs | 1 Emberznet Sdk | 2024-11-21 | 5.3 Medium |
Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network. | ||||
CVE-2023-4489 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-11-21 | 6.4 Medium |
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. | ||||
CVE-2023-4280 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 9.3 Critical |
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | ||||
CVE-2023-4041 | 1 Silabs | 1 Gecko Bootloader | 2024-11-21 | 9.8 Critical |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader. | ||||
CVE-2023-4020 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 9 Critical |
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. |