CVE-2023-6874 – Zigbee Unauthenticated DoS via NWK Sequence number manipulation
https://notcve.org/view.php?id=CVE-2023-6874
Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number Antes de v7.4.0, Ember ZNet es vulnerable a un ataque de denegación de servicio mediante la manipulación del número de secuencia NWK • https://community.silabs.com/069Vm000000WXaOIAW https://github.com/SiliconLabs/gecko_sdk • CWE-312: Cleartext Storage of Sensitive Information CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2023-6387 – Incorrect buffer parsing in Bluetooth LE sample code may lead to buffer overflow
https://notcve.org/view.php?id=CVE-2023-6387
A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution Existe un posible desbordamiento del búfer en la aplicación de muestra Bluetooth LE HCI CPC en el SDK de Gecko, lo que puede provocar una denegación de servicio o la ejecución remota de código. • https://community.silabs.com/069Vm000000WNKuIAO https://github.com/SiliconLabs/gecko_sdk/releases/tag/v4.4.0 • CWE-125: Out-of-bounds Read CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVE-2023-5138 – Glitch detection not active by default in Silicon Labs Secure Vault High devices
https://notcve.org/view.php?id=CVE-2023-5138
Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. La detección de fallos no está habilitada de forma predeterminada para el núcleo CortexM33 en las partes altas de la bóveda segura de Silicon Labs EFx32xG2xB, excepto EFR32xG21B. • https://community.silabs.com/069Vm0000004f6DIAQ https://github.com/SiliconLabs/gecko_sdk • CWE-909: Missing Initialization of Resource CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI) •
CVE-2023-4280 – Unvalidated input in Silicon Labs TrustZone implementation leads to accessing Trusted memory region
https://notcve.org/view.php?id=CVE-2023-4280
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. Una entrada no validada en la implementación de Silicon Labs TrustZone en v4.3.x y versiones anteriores del SDK de Gecko permite a un atacante acceder a la región confiable de la memoria desde la región que no es confiable. • https://community.silabs.com/069Vm0000004NinIAE https://github.com/SiliconLabs/gecko_sdk • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2023-41097 – Potential Timing vulnerability in CBC PKCS7 padding calculations
https://notcve.org/view.php?id=CVE-2023-41097
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. Una discrepancia de tiempo observable, vulnerabilidad de canal de tiempo oculto en Silabs GSDK en ARM potencialmente permite un ataque de Padding Oracle Crypto en CBC PKCS7. Este problema afecta a GSDK: hasta 4.4.0. • https://github.com/SiliconLabs/gecko_sdk/releases https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000007rArIAI?operationContext=S1 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •