CVE-2023-3487 - Vulnerability Details - OpenCVE

An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00269.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Silabs	Gecko Bootloader

Configuration 1 [-]

cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-44146	An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV
https://github.com/SiliconLabs/gecko_sdk/releases

History

Wed, 25 Sep 2024 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20

Wed, 25 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 25 Sep 2024 16:00:00 +0000

Type	Values Removed	Values Added
Description	An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.	An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.

MITRE

Status: PUBLISHED

Assigner: Silabs

Published: 2023-10-20T14:12:44.805Z

Updated: 2024-09-25T15:47:54.946Z

Reserved: 2023-06-30T18:44:04.589Z

Link: CVE-2023-3487

Vulnrichment

Updated: 2024-08-02T06:55:03.656Z

NVD

Status : Modified

Published: 2023-10-20T15:15:11.967

Modified: 2024-11-21T08:17:22.477

Link: CVE-2023-3487

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3487", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2023-06-30T18:44:04.589Z", "datePublished": "2023-10-20T14:12:44.805Z", "dateUpdated": "2024-09-25T15:47:54.946Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GSDK", "vendor": "silabs.com", "versions": [{"lessThanOrEqual": "4.3.1", "status": "affected", "version": "1.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.</span>"}], "value": "An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-25T15:47:54.946Z"}, "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk/releases"}, {"url": "https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV"}], "source": {"discovery": "UNKNOWN"}, "title": "Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.656Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk/releases", "tags": ["x_transferred"]}, {"url": "https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "silabs", "product": "gecko_bootloader", "cpes": ["cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.3.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T14:39:12.789384Z", "id": "CVE-2023-3487", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T14:40:36.723Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk/releases", "tags": ["x_transferred"]}, {"url": "https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.656Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3487", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-12T14:39:12.789384Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*"], "vendor": "silabs", "product": "gecko_bootloader", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.3.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T14:40:32.383Z"}}], "cna": {"title": "Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "silabs.com", "product": "GSDK", "versions": [{"status": "affected", "version": "1.0", "versionType": "patch", "lessThanOrEqual": "4.3.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk/releases"}, {"url": "https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-25T15:47:54.946Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3487", "state": "PUBLISHED", "dateUpdated": "2024-09-25T15:47:54.946Z", "dateReserved": "2023-06-30T18:44:04.589Z", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "datePublished": "2023-10-20T14:12:44.805Z", "assignerShortName": "Silabs"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC6CEA66-303E-4E36-8F75-6AFF06A17639", "versionEndIncluding": "4.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots."}, {"lang": "es", "value": "Un desbordamiento de enteros en Silicon Labs Gecko Bootloader versi\u00f3n 4.3.1 y anteriores permite acceso ilimitado a la memoria al leer o escribir en ranuras de almacenamiento."}], "id": "CVE-2023-3487", "lastModified": "2024-11-21T08:17:22.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "product-security@silabs.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-20T15:15:11.967", "references": [{"source": "product-security@silabs.com", "tags": ["Permissions Required"], "url": "https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV"}, {"source": "product-security@silabs.com", "tags": ["Release Notes"], "url": "https://github.com/SiliconLabs/gecko_sdk/releases"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/SiliconLabs/gecko_sdk/releases"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "product-security@silabs.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}