CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0972 – Buffer overflow in S0 Decryption on Z/IP Gatweay
https://notcve.org/view.php?id=CVE-2023-0972
21 Jun 2023 — Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0971 – Command Authentication Bypass in Z/IP Gateway
https://notcve.org/view.php?id=CVE-2023-0971
21 Jun 2023 — A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1 • CWE-268: Privilege Chaining CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0970 – Serial API Buffer Overflow in Z/IP Gateway
https://notcve.org/view.php?id=CVE-2023-0970
21 Jun 2023 — Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0969 – Global read overflow in Z/IP Gateway
https://notcve.org/view.php?id=CVE-2023-0969
21 Jun 2023 — A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2747 – Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data
https://notcve.org/view.php?id=CVE-2023-2747
15 Jun 2023 — The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1 • CWE-908: Use of Uninitialized Resource CWE-1204: Generation of Weak Initialization Vector (IV) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2683 – Connection update while closing connection may lead to denial-of-service
https://notcve.org/view.php?id=CVE-2023-2683
15 Jun 2023 — A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. • https://github.com/SiliconLabs • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2686
https://notcve.org/view.php?id=CVE-2023-2686
15 Jun 2023 — Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2687
https://notcve.org/view.php?id=CVE-2023-2687
02 Jun 2023 — Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sWXQAZ?operationContext=S1 • CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32100 – Key duplication in GSDK
https://notcve.org/view.php?id=CVE-2023-32100
18 May 2023 — Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1 • CWE-14: Compiler Removal of Code to Clear Buffers •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32099 – Key duplication in GSDK
https://notcve.org/view.php?id=CVE-2023-32099
18 May 2023 — Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1 • CWE-14: Compiler Removal of Code to Clear Buffers •