CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Feb 2024 — Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number. • https://community.silabs.com/069Vm000000WXaOIAW • CWE-312: Cleartext Storage of Sensitive Information; CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 7.5 • EPSS: 3% • CPEs: 1 • EXPL: 1

02 Feb 2024 — A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution. • https://github.com/A3ST1CODE/CVE_6387 • CWE-125: Out-of-bounds Read; CWE-131: Incorrect Calculation of Buffer Size; CWE-787: Out-of-bounds Write

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jan 2024 — Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. • https://community.silabs.com/069Vm0000004f6DIAQ • CWE-909: Missing Initialization of Resource; CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Jan 2024 — An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. • https://community.silabs.com/069Vm0000004NinIAE • CWE-20: Improper Input Validation; CWE-125: Out-of-bounds Read; CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Dec 2023 — An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0. • https://github.com/SiliconLabs/gecko_sdk/releases • CWE-203: Observable Discrepancy; CWE-208: Observable Timing Discrepancy; CWE-327: Use of a Broken or Risky Cryptographic Algorithm; CWE-385: Covert Timing Channel

CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Dec 2023 — An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. • https://community.silabs.com/069Vm0000004b95IAA • CWE-20: Improper Input Validation; CWE-125: Out-of-bounds Read; CWE-787: Out-of-bounds Write

CVSS: 6.5 • EPSS: 0% • CPEs: 9 • EXPL: 0

29 Sep 2023 — Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. • https://github.com/SiliconLabs/gecko_sdk • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jul 2023 — Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Wi3HwQAJ?operationContext=S1 • CWE-908: Use of Uninitialized Resource

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jun 2023 — The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1 • CWE-908: Use of Uninitialized Resource; CWE-1204: Generation of Weak Initialization Vector (IV)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jun 2023 — Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')