OpenCVE

Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Silabs	Gecko Software Development Kit

Configuration 1 [-]

cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1
https://github.com/SiliconLabs/gecko_sdk

History

No history.

MITRE

Status: PUBLISHED

Assigner: Silabs

Published: 2023-05-18T18:38:56.910Z

Updated: 2024-08-02T05:32:46.274Z

Reserved: 2023-02-22T19:24:33.215Z

Link: CVE-2023-0965

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-18T19:15:09.437

Modified: 2023-05-25T18:02:32.953

Link: CVE-2023-0965

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0965", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2023-02-22T19:24:33.215Z", "datePublished": "2023-05-18T18:38:56.910Z", "dateUpdated": "2024-08-02T05:32:46.274Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Gecko Platform", "vendor": "silabs.com", "versions": [{"lessThan": "4.2.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.</span>\n\n"}], "value": "\nCompiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-14", "description": "CWE-14: Compiler Removal of Code to Clear Buffers", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2023-05-18T18:39:19.176Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/SiliconLabs/gecko_sdk"}, {"tags": ["vendor-advisory"], "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"}], "source": {"discovery": "UNKNOWN"}, "title": "Key duplication in GSDK", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:32:46.274Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/SiliconLabs/gecko_sdk"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1"}]}]}}