CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41093 – Loss of confidentiality due to potential race condition in Bluetooth controller Connection_Handle reuse
https://notcve.org/view.php?id=CVE-2023-41093
Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0. Vulnerabilidad de Use After Free en el SDK Bluetooth de Silicon Labs en 32 bits, ARM puede permitir que un atacante con capacidades de sincronización precisa intercepte una pequeña cantidad de paquetes destinados a un destinatario que ha abandonado la red. Este problema afecta al SDK Bluetooth de Silabs: hasta 8.0.0. • https://community.silabs.com/068Vm000007v4HP • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23938 – Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23938
Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23184 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. • https://community.silabs.com/a45Vm0000000Atp https://www.zerodayinitiative.com/advisories/ZDI-24-868 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22472 – Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow
https://notcve.org/view.php?id=CVE-2024-22472
A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave devices. Una vulnerabilidad de desbordamiento de búfer en los dispositivos Z-Wave de la serie 500 de Silicon Labs puede permitir una denegación de servicio y una posible ejecución remota de código. Este problema afecta a todas las versiones del SDK de la serie 500 de Silicon Labs anteriores a la v6.85.2 que se ejecutan en dispositivos Z-wave de la serie 500 de Silicon Labs. • https://community.silabs.com/068Vm000004rZwm • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39541
https://notcve.org/view.php?id=CVE-2023-39541
A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv6 ICMPv6 packet. Existe una vulnerabilidad de denegación de servicio en la funcionalidad de análisis ICMP e ICMPv6 de Weston Embedded uC-TCP-IP v3.06.01. Un paquete de red especialmente manipulado puede provocar una lectura fuera de los límites. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1828 • CWE-126: Buffer Over-read •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39540
https://notcve.org/view.php?id=CVE-2023-39540
A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv4 ICMP packet. Existe una vulnerabilidad de denegación de servicio en la funcionalidad de análisis ICMP e ICMPv6 de Weston Embedded uC-TCP-IP v3.06.01. Un paquete de red especialmente manipulado puede provocar una lectura fuera de los límites. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1828 • CWE-126: Buffer Over-read •