Description
An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet.
Published: 2026-02-20
Score: 2.4 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an integer underflow in Silicon Labs Secure NCP host that leads to a buffer overread when a specially crafted packet is processed. This flaw can reveal data located after the intended buffer boundary, potentially exposing sensitive information stored in memory. The weakness is identified as a data truncation or arithmetic error that miscalculates packet lengths.

Affected Systems

Silicon Labs products using the Simplicity SDK and Gecko SDK are affected. No specific version numbers are listed in the advisory, so any release built with the vulnerable code segment may be at risk.

Risk and Exploitability

The CVSS score of 2.4 indicates low severity, and the EPSS score of less than 1% reflects a very low probability of exploitation. The flaw is not included in the CISA KEV catalog, suggesting no public exploitation has been observed. The likely attack vector, as inferred here, is an adversary sending a malicious packet over the network to the device, although the CVSS vector recorded for this CVE lists the attack vector as physical (AV:P). The vendor has not released an official patch or workaround, so the risk, although limited, should be weighed against the device's exposure to untrusted networks.

Generated by OpenCVE AI on May 1, 2026 at 05:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest version of the Silabs Simplicity or Gecko SDK that addresses the integer underflow issue.
  • Configure network firewalls or access controls to limit which hosts can send packets to the device and block malformed packets.
  • Enable or configure firmware packet validation features to enforce strict length checks before processing network frames.



Advisories

No advisories yet.

History

Mon, 23 Feb 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Silabs; Silabs simplicity Sdk
Vendors & Products | | Silabs; Silabs simplicity Sdk

Fri, 20 Feb 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Feb 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet.
Title | | Integer underflow in Secure NCP host
Weaknesses | | CWE-125; CWE-191
References | |
Metrics | | cvssV4_0: {'score': 2.4, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Silabs

Published:

Updated: 2026-04-24T15:29:24.113Z

Reserved: 2025-12-04T17:50:34.480Z

Link: CVE-2025-14055

Vulnrichment

Updated: 2026-02-20T20:35:58.753Z

NVD

Status: Deferred

Published: 2026-02-20T15:20:28.977

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-14055

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T06:00:13Z

Weaknesses