CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0775 – Bluetooth LE Invalid prepare write request command leads to denial of service
https://notcve.org/view.php?id=CVE-2023-0775
28 Mar 2023 — An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests, resulting in a denial-of-service. • https://github.com/SiliconLabs/gecko_sdk • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1262 – Missing MAC layer security in Wi-SUN Linux Border Router
https://notcve.org/view.php?id=CVE-2023-1262
21 Mar 2023 — Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000SMyfRQAT?operationContext=S1 • CWE-862: Missing Authorization •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1261 – Missing MAC layer security in Wi-SUN SDK
https://notcve.org/view.php?id=CVE-2023-1261
21 Mar 2023 — Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows malicious node to route malicious messages through network. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000SMyfRQAT?operationContext=S1 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24939 – Malformed Zigbee packet with invalid destination address causes Assert
https://notcve.org/view.php?id=CVE-2022-24939
17 Nov 2022 — A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. Un paquete con formato incorrecto que contiene una dirección de destino no válida provoca un desbordamiento de pila en Ember ZNet. Esto provoca una afirmación que conduce a un reinicio, eliminando inmediatamente el error. • https://github.com/SiliconLabs/gecko_sdk • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24938 – Malformed Zigbee packet causes Assert in EmberZNet 7.0.1 or earlier
https://notcve.org/view.php?id=CVE-2022-24938
14 Nov 2022 — A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. Un paquete con formato incorrecto provoca un desbordamiento de pila en la pila Ember ZNet. Esto provoca una afirmación que conduce a un reinicio, eliminando inmediatamente el error. • https://github.com/SiliconLabs/gecko_sdk • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24937 – Malformed Zigbee packet causes Assert in EmberZNet 7.0.0 or earlier
https://notcve.org/view.php?id=CVE-2022-24937
14 Nov 2022 — Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. Restricción inadecuada de operaciones dentro de los límites de una vulnerabilidad de búfer de memoria en Silicon Labs Ember ZNet permite desbordamiento de búferes. • https://github.com/SiliconLabs/gecko_sdk • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 1CVE-2022-24942 – Heap-based buffer overflow in MicriumOS HTTP Server allows potential remote code execution
https://notcve.org/view.php?id=CVE-2022-24942
02 Nov 2022 — Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request. Desbordamiento del búfer basado en el montón en la funcionalidad del servidor HTTP en Micrium uC-HTTP 3.01.01 permite la ejecución remota de código a través de una solicitud HTTP. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000KlMPOQA3?operationContext=S1 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24936 – Gecko Standalone Bootloader vulnerability may allow bypassing application secure boot in some Series 2 devices
https://notcve.org/view.php?id=CVE-2022-24936
02 Nov 2022 — Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade. El error fuera de límites en el analizador GBL en Silicon Labs Gecko Bootloader versión 4.0.1 y anteriores permite al atacante sobrescribir la clave de firma flash y la clave de descifrado OTA mediante una actualización maliciosa del gestor de arranque. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2022-24611
https://notcve.org/view.php?id=CVE-2022-24611
17 May 2022 — Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs. Una denegación de servicio (DoS) en la especificación del protocolo Z-Wave S0 NonceGet en la serie Z-Wave 500 de Silicon Labs permite a atacantes locales bloquear la red Z-Wave protegida S0/S2 por medio de paquetes Z-Wave S0 NonceGet diseñados, usando NodeIDs in... • https://github.com/ITSecLab-HSEL/CVE-2022-24611 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27411 – Micrium OS Integer Overflow or Wraparound
https://notcve.org/view.php?id=CVE-2021-27411
03 May 2022 — Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones. Micrium OS versiones 5.10.1 y anteriores, de son vulnerables a una envoltura de enteros en las funciones Mem_DynPoolCreate, Mem_DynPoolCreateHW y Mem_PoolCreate. Esta asignación... • https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04 • CWE-190: Integer Overflow or Wraparound •