OpenCVE

An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Silabs	Gecko Bootloader

Configuration 1 [-]

cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV
https://github.com/SiliconLabs/gecko_sdk/releases

History

Wed, 25 Sep 2024 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20

Wed, 25 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 25 Sep 2024 16:00:00 +0000

Type	Values Removed	Values Added
Description	An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.	An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.

MITRE

Status: PUBLISHED

Assigner: Silabs

Published: 2023-10-20T14:12:44.805Z

Updated: 2024-09-25T15:47:54.946Z

Reserved: 2023-06-30T18:44:04.589Z

Link: CVE-2023-3487

Vulnrichment

Updated: 2024-08-02T06:55:03.656Z

NVD

Status : Modified

Published: 2023-10-20T15:15:11.967

Modified: 2024-09-25T16:15:07.870

Link: CVE-2023-3487

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3487", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2023-06-30T18:44:04.589Z", "datePublished": "2023-10-20T14:12:44.805Z", "dateUpdated": "2024-09-25T15:47:54.946Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GSDK", "vendor": "silabs.com", "versions": [{"lessThanOrEqual": "4.3.1", "status": "affected", "version": "1.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.</span>"}], "value": "An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-25T15:47:54.946Z"}, "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk/releases"}, {"url": "https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV"}], "source": {"discovery": "UNKNOWN"}, "title": "Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.656Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk/releases", "tags": ["x_transferred"]}, {"url": "https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "silabs", "product": "gecko_bootloader", "cpes": ["cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.3.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T14:39:12.789384Z", "id": "CVE-2023-3487", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T14:40:36.723Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk/releases", "tags": ["x_transferred"]}, {"url": "https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.656Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3487", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-12T14:39:12.789384Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*"], "vendor": "silabs", "product": "gecko_bootloader", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.3.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T14:40:32.383Z"}}], "cna": {"title": "Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "silabs.com", "product": "GSDK", "versions": [{"status": "affected", "version": "1.0", "versionType": "patch", "lessThanOrEqual": "4.3.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/SiliconLabs/gecko_sdk/releases"}, {"url": "https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-09-25T15:47:54.946Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3487", "state": "PUBLISHED", "dateUpdated": "2024-09-25T15:47:54.946Z", "dateReserved": "2023-06-30T18:44:04.589Z", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "datePublished": "2023-10-20T14:12:44.805Z", "assignerShortName": "Silabs"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC6CEA66-303E-4E36-8F75-6AFF06A17639", "versionEndIncluding": "4.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots."}, {"lang": "es", "value": "Un desbordamiento de enteros en Silicon Labs Gecko Bootloader versi\u00f3n 4.3.1 y anteriores permite acceso ilimitado a la memoria al leer o escribir en ranuras de almacenamiento."}], "id": "CVE-2023-3487", "lastModified": "2024-09-25T16:15:07.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "product-security@silabs.com", "type": "Secondary"}]}, "published": "2023-10-20T15:15:11.967", "references": [{"source": "product-security@silabs.com", "tags": ["Permissions Required"], "url": "https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV"}, {"source": "product-security@silabs.com", "tags": ["Release Notes"], "url": "https://github.com/SiliconLabs/gecko_sdk/releases"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "product-security@silabs.com", "type": "Secondary"}]}