Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
20 vulnerabilities found for Gecko Platform by silabs.com
CVE-2023-2686 (GCVE-0-2023-2686)
Vulnerability from nvd – Published: 2023-06-15 19:00 – Updated: 2024-12-12 16:17
VLAI?
Summary
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.
Severity ?
9.8 (Critical)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , ≤ 4.2.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:04.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T16:16:35.769919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T16:17:47.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "4.2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.\u003cbr\u003e"
}
],
"value": "Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T19:00:04.688Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-2686",
"datePublished": "2023-06-15T19:00:04.688Z",
"dateReserved": "2023-05-12T16:01:16.855Z",
"dateUpdated": "2024-12-12T16:17:47.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32100 (GCVE-0-2023-32100)
Vulnerability from nvd – Published: 2023-05-18 18:47 – Updated: 2025-01-21 21:29
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_se_driver_mac_compute
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
5.3 (Medium)
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:28:55.439367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:29:05.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_se_driver_mac_compute\u003c/span\u003e\n\nin Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\nsli_se_driver_mac_compute\n\nin Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:47:12.452Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-32100",
"datePublished": "2023-05-18T18:47:12.452Z",
"dateReserved": "2023-05-02T13:57:06.687Z",
"dateUpdated": "2025-01-21T21:29:05.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32099 (GCVE-0-2023-32099)
Vulnerability from nvd – Published: 2023-05-18 18:46 – Updated: 2025-01-21 21:33
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
5.3 (Medium)
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:33:08.828983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:33:16.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_se_sign_hash\u003c/span\u003e\u0026nbsp;in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\n\n\n\n\n\n\nsli_se_sign_hash\u00a0in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:46:32.656Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-32099",
"datePublished": "2023-05-18T18:46:22.142Z",
"dateReserved": "2023-05-02T13:57:06.687Z",
"dateUpdated": "2025-01-21T21:33:16.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32098 (GCVE-0-2023-32098)
Vulnerability from nvd – Published: 2023-05-18 18:46 – Updated: 2025-01-21 21:33
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_se_sign_message
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
5.3 (Medium)
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:33:45.450766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:33:52.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_se_sign_message\u003c/span\u003e\n\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\n\n\n\n\n\n\nsli_se_sign_message\n\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:46:01.441Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-32098",
"datePublished": "2023-05-18T18:46:01.441Z",
"dateReserved": "2023-05-02T13:57:06.687Z",
"dateUpdated": "2025-01-21T21:33:52.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32097 (GCVE-0-2023-32097)
Vulnerability from nvd – Published: 2023-05-18 18:45 – Updated: 2025-01-21 21:35
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_crypto_transparent_aead_decrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:35:27.580646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:35:35.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_crypto_transparent_aead_decrypt_tag\u003c/span\u003e\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\n\n\n\n\nsli_crypto_transparent_aead_decrypt_tag\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:45:36.647Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-32097",
"datePublished": "2023-05-18T18:45:36.647Z",
"dateReserved": "2023-05-02T13:57:06.686Z",
"dateUpdated": "2025-01-21T21:35:35.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32096 (GCVE-0-2023-32096)
Vulnerability from nvd – Published: 2023-05-18 18:45 – Updated: 2025-01-21 21:35
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_crypto_transparent_aead_encrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:35:51.139421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:35:59.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_crypto_transparent_aead_encrypt_tag\u003c/span\u003e\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\n\n\n\n\nsli_crypto_transparent_aead_encrypt_tag\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:45:16.825Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-32096",
"datePublished": "2023-05-18T18:45:08.415Z",
"dateReserved": "2023-05-02T13:57:06.686Z",
"dateUpdated": "2025-01-21T21:35:59.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2481 (GCVE-0-2023-2481)
Vulnerability from nvd – Published: 2023-05-18 18:44 – Updated: 2025-01-21 21:38
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_se_opaque_import_key
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
5.3 (Medium)
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:38:49.920660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:38:57.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_se_opaque_import_key\u003c/span\u003e\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\n\n\nsli_se_opaque_import_key\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:44:48.742Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-2481",
"datePublished": "2023-05-18T18:44:48.742Z",
"dateReserved": "2023-05-02T13:57:02.209Z",
"dateUpdated": "2025-01-21T21:38:57.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1132 (GCVE-0-2023-1132)
Vulnerability from nvd – Published: 2023-05-18 18:44 – Updated: 2025-01-22 14:01
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_se_driver_key_agreement
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
5.3 (Medium)
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:01:30.519270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:01:39.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_se_driver_key_agreement\u003c/span\u003e\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\nsli_se_driver_key_agreement\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:44:04.702Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-1132",
"datePublished": "2023-05-18T18:44:04.702Z",
"dateReserved": "2023-03-01T21:51:49.419Z",
"dateUpdated": "2025-01-22T14:01:39.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0965 (GCVE-0-2023-0965)
Vulnerability from nvd – Published: 2023-05-18 18:38 – Updated: 2025-01-22 14:33
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:33:15.655568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:33:25.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:39:19.176Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-0965",
"datePublished": "2023-05-18T18:38:56.910Z",
"dateReserved": "2023-02-22T19:24:33.215Z",
"dateUpdated": "2025-01-22T14:33:25.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24942 (GCVE-0-2022-24942)
Vulnerability from nvd – Published: 2022-11-02 21:04 – Updated: 2025-05-05 13:43
VLAI?
Title
Heap-based buffer overflow in MicriumOS HTTP Server allows potential remote code execution
Summary
Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.
Severity ?
9.1 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.1.1.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/blame/v4.1.1/platform/micrium_os/net/source/http/server/http_server_req.c"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000KlMPOQA3?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24942",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T13:43:20.282771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T13:43:26.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.1.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHeap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.\u003c/span\u003e\n\n"
}
],
"value": "\nHeap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T20:43:00.000Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/blame/v4.1.1/platform/micrium_os/net/source/http/server/http_server_req.c"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000KlMPOQA3?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-based buffer overflow in MicriumOS HTTP Server allows potential remote code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2022-24942",
"datePublished": "2022-11-02T21:04:45.822Z",
"dateReserved": "2022-02-10T22:28:43.265Z",
"dateUpdated": "2025-05-05T13:43:26.671Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2686 (GCVE-0-2023-2686)
Vulnerability from cvelistv5 – Published: 2023-06-15 19:00 – Updated: 2024-12-12 16:17
VLAI?
Summary
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.
Severity ?
9.8 (Critical)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , ≤ 4.2.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:04.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T16:16:35.769919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T16:17:47.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "4.2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.\u003cbr\u003e"
}
],
"value": "Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T19:00:04.688Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-2686",
"datePublished": "2023-06-15T19:00:04.688Z",
"dateReserved": "2023-05-12T16:01:16.855Z",
"dateUpdated": "2024-12-12T16:17:47.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32100 (GCVE-0-2023-32100)
Vulnerability from cvelistv5 – Published: 2023-05-18 18:47 – Updated: 2025-01-21 21:29
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_se_driver_mac_compute
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
5.3 (Medium)
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:28:55.439367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:29:05.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_se_driver_mac_compute\u003c/span\u003e\n\nin Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\nsli_se_driver_mac_compute\n\nin Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:47:12.452Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-32100",
"datePublished": "2023-05-18T18:47:12.452Z",
"dateReserved": "2023-05-02T13:57:06.687Z",
"dateUpdated": "2025-01-21T21:29:05.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32099 (GCVE-0-2023-32099)
Vulnerability from cvelistv5 – Published: 2023-05-18 18:46 – Updated: 2025-01-21 21:33
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
5.3 (Medium)
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:33:08.828983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:33:16.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_se_sign_hash\u003c/span\u003e\u0026nbsp;in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\n\n\n\n\n\n\nsli_se_sign_hash\u00a0in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:46:32.656Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-32099",
"datePublished": "2023-05-18T18:46:22.142Z",
"dateReserved": "2023-05-02T13:57:06.687Z",
"dateUpdated": "2025-01-21T21:33:16.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32098 (GCVE-0-2023-32098)
Vulnerability from cvelistv5 – Published: 2023-05-18 18:46 – Updated: 2025-01-21 21:33
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_se_sign_message
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
5.3 (Medium)
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:33:45.450766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:33:52.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_se_sign_message\u003c/span\u003e\n\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\n\n\n\n\n\n\nsli_se_sign_message\n\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:46:01.441Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-32098",
"datePublished": "2023-05-18T18:46:01.441Z",
"dateReserved": "2023-05-02T13:57:06.687Z",
"dateUpdated": "2025-01-21T21:33:52.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32097 (GCVE-0-2023-32097)
Vulnerability from cvelistv5 – Published: 2023-05-18 18:45 – Updated: 2025-01-21 21:35
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_crypto_transparent_aead_decrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:35:27.580646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:35:35.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_crypto_transparent_aead_decrypt_tag\u003c/span\u003e\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\n\n\n\n\nsli_crypto_transparent_aead_decrypt_tag\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:45:36.647Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-32097",
"datePublished": "2023-05-18T18:45:36.647Z",
"dateReserved": "2023-05-02T13:57:06.686Z",
"dateUpdated": "2025-01-21T21:35:35.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32096 (GCVE-0-2023-32096)
Vulnerability from cvelistv5 – Published: 2023-05-18 18:45 – Updated: 2025-01-21 21:35
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_crypto_transparent_aead_encrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:35:51.139421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:35:59.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_crypto_transparent_aead_encrypt_tag\u003c/span\u003e\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\n\n\n\n\nsli_crypto_transparent_aead_encrypt_tag\n\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:45:16.825Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-32096",
"datePublished": "2023-05-18T18:45:08.415Z",
"dateReserved": "2023-05-02T13:57:06.686Z",
"dateUpdated": "2025-01-21T21:35:59.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2481 (GCVE-0-2023-2481)
Vulnerability from cvelistv5 – Published: 2023-05-18 18:44 – Updated: 2025-01-21 21:38
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_se_opaque_import_key
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
5.3 (Medium)
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T21:38:49.920660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:38:57.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_se_opaque_import_key\u003c/span\u003e\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\n\n\nsli_se_opaque_import_key\n\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:44:48.742Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-2481",
"datePublished": "2023-05-18T18:44:48.742Z",
"dateReserved": "2023-05-02T13:57:02.209Z",
"dateUpdated": "2025-01-21T21:38:57.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1132 (GCVE-0-2023-1132)
Vulnerability from cvelistv5 – Published: 2023-05-18 18:44 – Updated: 2025-01-22 14:01
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in
sli_se_driver_key_agreement
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
5.3 (Medium)
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:01:30.519270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:01:39.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esli_se_driver_key_agreement\u003c/span\u003e\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in \n\nsli_se_driver_key_agreement\n\n in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:44:04.702Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-1132",
"datePublished": "2023-05-18T18:44:04.702Z",
"dateReserved": "2023-03-01T21:51:49.419Z",
"dateUpdated": "2025-01-22T14:01:39.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0965 (GCVE-0-2023-0965)
Vulnerability from cvelistv5 – Published: 2023-05-18 18:38 – Updated: 2025-01-22 14:33
VLAI?
Title
Key duplication in GSDK
Summary
Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
Severity ?
CWE
- CWE-14 - Compiler Removal of Code to Clear Buffers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:33:15.655568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:33:25.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCompiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\u003c/span\u003e\n\n"
}
],
"value": "\nCompiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-14",
"description": "CWE-14: Compiler Removal of Code to Clear Buffers",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T18:39:19.176Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Key duplication in GSDK",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-0965",
"datePublished": "2023-05-18T18:38:56.910Z",
"dateReserved": "2023-02-22T19:24:33.215Z",
"dateUpdated": "2025-01-22T14:33:25.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24942 (GCVE-0-2022-24942)
Vulnerability from cvelistv5 – Published: 2022-11-02 21:04 – Updated: 2025-05-05 13:43
VLAI?
Title
Heap-based buffer overflow in MicriumOS HTTP Server allows potential remote code execution
Summary
Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.
Severity ?
9.1 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko Platform |
Affected:
0 , < 4.1.1.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/blame/v4.1.1/platform/micrium_os/net/source/http/server/http_server_req.c"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000KlMPOQA3?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24942",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T13:43:20.282771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T13:43:26.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko Platform",
"vendor": "silabs.com",
"versions": [
{
"lessThan": "4.1.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHeap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.\u003c/span\u003e\n\n"
}
],
"value": "\nHeap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T20:43:00.000Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/blame/v4.1.1/platform/micrium_os/net/source/http/server/http_server_req.c"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000KlMPOQA3?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-based buffer overflow in MicriumOS HTTP Server allows potential remote code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2022-24942",
"datePublished": "2022-11-02T21:04:45.822Z",
"dateReserved": "2022-02-10T22:28:43.265Z",
"dateUpdated": "2025-05-05T13:43:26.671Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}