CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3487 – Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access
https://notcve.org/view.php?id=CVE-2023-3487
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. Un desbordamiento de enteros en Silicon Labs Gecko Bootloader versión 4.3.1 y anteriores permite acceso ilimitado a la memoria al leer o escribir en ranuras de almacenamiento. • https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV https://github.com/SiliconLabs/gecko_sdk/releases • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4041 – Second Stage Gecko Bootloader GBL Parser Buffer Overrun Vulnerability
https://notcve.org/view.php?id=CVE-2023-4041
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-494: Download of Code Without Integrity Check CWE-787: Out-of-bounds Write CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24936 – Gecko Standalone Bootloader vulnerability may allow bypassing application secure boot in some Series 2 devices
https://notcve.org/view.php?id=CVE-2022-24936
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade. El error fuera de límites en el analizador GBL en Silicon Labs Gecko Bootloader versión 4.0.1 y anteriores permite al atacante sobrescribir la clave de firma flash y la clave de descifrado OTA mediante una actualización maliciosa del gestor de arranque. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1 https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •