CVE-2020-27630
https://notcve.org/view.php?id=CVE-2020-27630
In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. En Silicon Labs uC/TCP-IP 3.6.0, los ISN de TCP son incorrectamente aleatorios. • https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01 https://www.forescout.com https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks • CWE-330: Use of Insufficiently Random Values •
CVE-2023-41094 – Touchlink authentication bypass due to packets processed after timeout or out of range in Ember ZNet
https://notcve.org/view.php?id=CVE-2023-41094
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected Los paquetes TouchLink procesados después del tiempo de espera o fuera del alcance debido a la operación de un recurso después de la caducidad y la falta de liberación del recurso después de la vida útil efectiva pueden permitir que se agregue un dispositivo fuera del alcance válido de TouchLink o de la duración del emparejamiento. Este problema afecta a Ember ZNet 7.1.x desde 7.1 .3 a 7.1.5; 7.2.x desde 7.2.0 hasta 7.2.3; La versión 7.3 y posteriores no se ven afectadas • https://community.silabs.com/0688Y00000aIPzL • CWE-672: Operation on a Resource after Expiration or Release CWE-772: Missing Release of Resource after Effective Lifetime CWE-940: Improper Verification of Source of a Communication Channel •
CVE-2023-3024 – Bluetooth LE segmented 'prepare write response' packet may lead to out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2023-3024
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. Obligar a la pila Bluetooth LE a segmentar paquetes de "prepare write response" puede provocar un acceso a la memoria fuera de los límites. • https://github.com/SiliconLabs/gecko_sdk https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ViQvHQAV/?operationContext=S1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-4041 – Second Stage Gecko Bootloader GBL Parser Buffer Overrun Vulnerability
https://notcve.org/view.php?id=CVE-2023-4041
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-494: Download of Code Without Integrity Check CWE-787: Out-of-bounds Write CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVE-2023-3488 – Uninitialized variable in Gecko Bootloader can leak secure stack
https://notcve.org/view.php?id=CVE-2023-3488
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Wi3HwQAJ?operationContext=S1 https://github.com/SiliconLabs/gecko_sdk/releases • CWE-908: Use of Uninitialized Resource •