
CVE-2023-27882
https://notcve.org/view.php?id=CVE-2023-27882
14 Nov 2023 — A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1733 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2023-28379
https://notcve.org/view.php?id=CVE-2023-28379
14 Nov 2023 — A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1738 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVE-2023-31247
https://notcve.org/view.php?id=CVE-2023-31247
14 Nov 2023 — A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1746 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVE-2023-3024 – Bluetooth LE segmented 'prepare write response' packet may lead to out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2023-3024
29 Sep 2023 — Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. • https://github.com/SiliconLabs/gecko_sdk • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVE-2023-3488 – Uninitialized variable in Gecko Bootloader can leak secure stack
https://notcve.org/view.php?id=CVE-2023-3488
28 Jul 2023 — Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Wi3HwQAJ?operationContext=S1 • CWE-908: Use of Uninitialized Resource •

CVE-2023-2747 – Uninitialized IV in Silicon Labs SE FW v2.0.0 through v2.2.1 for internally stored data
https://notcve.org/view.php?id=CVE-2023-2747
15 Jun 2023 — The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1 • CWE-908: Use of Uninitialized Resource CWE-1204: Generation of Weak Initialization Vector (IV) •

CVE-2023-2686
https://notcve.org/view.php?id=CVE-2023-2686
15 Jun 2023 — Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2023-2687
https://notcve.org/view.php?id=CVE-2023-2687
02 Jun 2023 — Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sWXQAZ?operationContext=S1 • CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •

CVE-2023-32100 – Key duplication in GSDK
https://notcve.org/view.php?id=CVE-2023-32100
18 May 2023 — Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1 • CWE-14: Compiler Removal of Code to Clear Buffers •

CVE-2023-32099 – Key duplication in GSDK
https://notcve.org/view.php?id=CVE-2023-32099
18 May 2023 — Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1 • CWE-14: Compiler Removal of Code to Clear Buffers •