OpenCVE

A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Silabs	Gecko Software Development Kit Zigbee Emberznet

Configuration 1 [-]

OR	cpe:2.3:a:silabs:gecko_software_development_kit:-:::::::*
	cpe:2.3:a:silabs:zigbee_emberznet:-:::::::*

No data.

References

Link	Providers
https://github.com/SiliconLabs/gecko_sdk
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000IWDCwQAP?operationContext=S1

History

No history.

MITRE

Status: PUBLISHED

Assigner: Silabs

Published: 2022-11-17T23:35:55.522Z

Updated: 2024-08-03T04:29:01.633Z

Reserved: 2022-02-10T22:28:43.265Z

Link: CVE-2022-24939

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-18T00:15:09.627

Modified: 2023-11-07T03:44:41.790

Link: CVE-2022-24939

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-24939", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "dateReserved": "2022-02-10T22:28:43.265Z", "datePublished": "2022-11-17T23:35:55.522Z", "dateUpdated": "2024-08-03T04:29:01.633Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Ember ZNet", "vendor": "silabs.com", "versions": [{"lessThanOrEqual": "7.0.1", "status": "affected", "version": "1.0.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\"> A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.</span>\n\n"}], "value": "\n\u00a0A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.\n\n"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2022-11-17T23:35:55.522Z"}, "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk"}, {"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000IWDCwQAP?operationContext=S1"}], "source": {"discovery": "UNKNOWN"}, "title": " Malformed Zigbee packet with invalid destination address causes Assert ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:29:01.633Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk", "tags": ["x_transferred"]}, {"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000IWDCwQAP?operationContext=S1", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "F521FAA6-641C-438B-971C-128F2467FA9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:silabs:zigbee_emberznet:-:*:*:*:*:*:*:*", "matchCriteriaId": "52F60207-E6C3-40F6-848B-0539322F5044", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n\u00a0A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.\n\n"}, {"lang": "es", "value": "Un paquete con formato incorrecto que contiene una direcci\u00f3n de destino no v\u00e1lida provoca un desbordamiento de pila en Ember ZNet. Esto provoca una afirmaci\u00f3n que conduce a un reinicio, eliminando inmediatamente el error."}], "id": "CVE-2022-24939", "lastModified": "2023-11-07T03:44:41.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "product-security@silabs.com", "type": "Secondary"}]}, "published": "2022-11-18T00:15:09.627", "references": [{"source": "product-security@silabs.com", "tags": ["Third Party Advisory"], "url": "https://github.com/SiliconLabs/gecko_sdk"}, {"source": "product-security@silabs.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000IWDCwQAP?operationContext=S1"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "product-security@silabs.com", "type": "Secondary"}]}