| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service. |
| High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash. |
| Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier. |
| TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0. |
| Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. |
| A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop. |
|
Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
|
Compiler removal of buffer clearing in
sli_se_driver_key_agreement
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
|
Compiler removal of buffer clearing in
sli_se_opaque_import_key
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
|
Compiler removal of buffer clearing in
sli_crypto_transparent_aead_encrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
|
Compiler removal of buffer clearing in
sli_crypto_transparent_aead_decrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
|
Compiler removal of buffer clearing in
sli_se_sign_message
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
|
Compiler removal of buffer clearing in
sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
|
Compiler removal of buffer clearing in
sli_se_driver_mac_compute
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
| Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. |
| Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.
|
| A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. |
| The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. |
| Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. |
| A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. |
