CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3487 – Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access
https://notcve.org/view.php?id=CVE-2023-3487
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. Un desbordamiento de enteros en Silicon Labs Gecko Bootloader versión 4.3.1 y anteriores permite acceso ilimitado a la memoria al leer o escribir en ranuras de almacenamiento. • https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV https://github.com/SiliconLabs/gecko_sdk/releases • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4041 – Second Stage Gecko Bootloader GBL Parser Buffer Overrun Vulnerability
https://notcve.org/view.php?id=CVE-2023-4041
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-494: Download of Code Without Integrity Check CWE-787: Out-of-bounds Write CWE-913: Improper Control of Dynamically-Managed Code Resources •