Filtered by vendor Silabs
Subscriptions
Total
63 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-5310 | 1 Silabs | 3 Z-wave Long Range 700, Z-wave Long Range 800, Z-wave Software Development Kit | 2024-08-02 | 5.7 Medium |
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device. | ||||
CVE-2023-5138 | 1 Silabs | 1 Gecko Software Development Kit | 2024-08-02 | 6.8 Medium |
Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. | ||||
CVE-2023-4489 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-08-02 | 6.4 Medium |
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. | ||||
CVE-2023-4280 | 1 Silabs | 1 Gecko Software Development Kit | 2024-08-02 | 9.3 Critical |
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | ||||
CVE-2023-4041 | 1 Silabs | 1 Gecko Bootloader | 2024-08-02 | 9.8 Critical |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader. | ||||
CVE-2023-4020 | 1 Silabs | 1 Gecko Software Development Kit | 2024-08-02 | 9 Critical |
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. | ||||
CVE-2023-3488 | 1 Silabs | 1 Gecko Software Development Kit | 2024-08-02 | 3.8 Low |
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. | ||||
CVE-2023-3110 | 1 Silabs | 1 Unify Software Development Kit | 2024-08-02 | 9.6 Critical |
Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | ||||
CVE-2023-3024 | 2 Qualcomm, Silabs | 9 Aqt1000, Csrb31024, Wcd9370 and 6 more | 2024-08-02 | 5.9 Medium |
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. | ||||
CVE-2023-2747 | 1 Silabs | 1 Gecko Software Development Kit | 2024-08-02 | 3.1 Low |
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. | ||||
CVE-2023-2683 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-08-02 | 5.3 Medium |
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. | ||||
CVE-2023-2687 | 1 Silabs | 1 Gecko Software Development Kit | 2024-08-02 | 2.9 Low |
Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. | ||||
CVE-2023-2686 | 1 Silabs | 1 Gecko Software Development Kit | 2024-08-02 | 9.8 Critical |
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. | ||||
CVE-2023-2481 | 1 Silabs | 1 Gecko Software Development Kit | 2024-08-02 | 5.3 Medium |
Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
CVE-2023-1262 | 1 Silabs | 2 Wireless Smart Ubiquitous Network Linux Border Router, Wireless Smart Ubiquitous Network Linux Border Router Firmware | 2024-08-02 | 8.2 High |
Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network. | ||||
CVE-2023-1261 | 1 Silabs | 1 Wi-sun Software Development Kit | 2024-08-02 | 8.2 High |
Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows malicious node to route malicious messages through network. | ||||
CVE-2023-1132 | 1 Silabs | 1 Gecko Software Development Kit | 2024-08-02 | 5.3 Medium |
Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
CVE-2023-0969 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-08-02 | 3.5 Low |
A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. | ||||
CVE-2023-0972 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-08-02 | 9.6 Critical |
Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | ||||
CVE-2023-0970 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-08-02 | 7.1 High |
Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code. |