CVE-2024-22472
Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow
Public Exploits: 0
Exploited in Wild: -
Descriptions
A buffer overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code Execution. This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 Series Z-Wave devices.
SSVC
- Decision: Track*
Timeline
- 2024-01-10 CVE Reserved
- 2024-05-07 CVE Published
- 2024-05-07 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
- CAPEC-100: Overflow Buffers
- CAPEC-253: Remote Code Inclusion
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Silicon Labs | Z-Wave SDK | < 6.85.2 | en | Affected |