OpenCVE

A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Silabs	Bluetooth Low Energy Software Development Kit

Configuration 1 [-]

cpe:2.3:a:silabs:bluetooth_low_energy_software_development_kit:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/SiliconLabs
https://https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000U2U1QQAV?operationContext=S1

History

Wed, 25 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Description	A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.	A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.
Weaknesses		CWE-401

MITRE

Status: PUBLISHED

Assigner: Silabs

Published: 2023-06-15T19:05:21.365Z

Updated: 2024-09-25T16:15:20.041Z

Reserved: 2023-05-12T13:32:54.352Z

Link: CVE-2023-2683

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-15T20:15:09.260

Modified: 2024-09-25T17:15:13.520

Link: CVE-2023-2683

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2683", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2023-05-12T13:32:54.352Z", "datePublished": "2023-06-15T19:05:21.365Z", "dateUpdated": "2024-09-25T16:15:20.041Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Bluetooth SDK", "vendor": "silabs.com", "versions": [{"lessThanOrEqual": "v5.1.1", "status": "affected", "version": "5.0.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.</span>"}], "value": "A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error."}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-25T16:15:20.041Z"}, "references": [{"url": "https://github.com/SiliconLabs"}, {"url": "https://https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000U2U1QQAV?operationContext=S1"}], "source": {"discovery": "UNKNOWN"}, "title": "Connection update while closing connection may lead to denial-of-service", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:04.563Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/SiliconLabs", "tags": ["x_transferred"]}, {"url": "https://https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000U2U1QQAV?operationContext=S1", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silabs:bluetooth_low_energy_software_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5B6C798-416B-4D1B-A9B3-C793C3B775E3", "versionEndIncluding": "5.1.1", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error."}], "id": "CVE-2023-2683", "lastModified": "2024-09-25T17:15:13.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "product-security@silabs.com", "type": "Secondary"}]}, "published": "2023-06-15T20:15:09.260", "references": [{"source": "product-security@silabs.com", "tags": ["Not Applicable"], "url": "https://github.com/SiliconLabs"}, {"source": "product-security@silabs.com", "tags": ["Broken Link"], "url": "https://https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000U2U1QQAV?operationContext=S1"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-401"}], "source": "product-security@silabs.com", "type": "Secondary"}]}