CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24939 – Malformed Zigbee packet with invalid destination address causes Assert
https://notcve.org/view.php?id=CVE-2022-24939
A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. Un paquete con formato incorrecto que contiene una dirección de destino no válida provoca un desbordamiento de pila en Ember ZNet. Esto provoca una afirmación que conduce a un reinicio, eliminando inmediatamente el error. • https://github.com/SiliconLabs/gecko_sdk https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000IWDCwQAP?operationContext=S1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24938 – Malformed Zigbee packet causes Assert in EmberZNet 7.0.1 or earlier
https://notcve.org/view.php?id=CVE-2022-24938
A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. Un paquete con formato incorrecto provoca un desbordamiento de pila en la pila Ember ZNet. Esto provoca una afirmación que conduce a un reinicio, eliminando inmediatamente el error. • https://github.com/SiliconLabs/gecko_sdk https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000HbLj2QAF?operationContext=S1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24937 – Malformed Zigbee packet causes Assert in EmberZNet 7.0.0 or earlier
https://notcve.org/view.php?id=CVE-2022-24937
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. Restricción inadecuada de operaciones dentro de los límites de una vulnerabilidad de búfer de memoria en Silicon Labs Ember ZNet permite desbordamiento de búferes. • https://github.com/SiliconLabs/gecko_sdk https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000HbLj2QAF?operationContext=S1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24942 – Heap-based buffer overflow in MicriumOS HTTP Server allows potential remote code execution
https://notcve.org/view.php?id=CVE-2022-24942
Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request. Desbordamiento del búfer basado en el montón en la funcionalidad del servidor HTTP en Micrium uC-HTTP 3.01.01 permite la ejecución remota de código a través de una solicitud HTTP. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000KlMPOQA3?operationContext=S1 https://github.com/SiliconLabs/gecko_sdk/blame/v4.1.1/platform/micrium_os/net/source/http/server/http_server_req.c • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24936 – Gecko Standalone Bootloader vulnerability may allow bypassing application secure boot in some Series 2 devices
https://notcve.org/view.php?id=CVE-2022-24936
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade. El error fuera de límites en el analizador GBL en Silicon Labs Gecko Bootloader versión 4.0.1 y anteriores permite al atacante sobrescribir la clave de firma flash y la clave de descifrado OTA mediante una actualización maliciosa del gestor de arranque. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1 https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •