Description
Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.
Published: 2026-06-25
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The EmberZNet SDK contains an improper bounds validation flaw that allows unsafe array operations, which can cause the SDK to crash or leak dynamic memory. This defect undermines system stability and may expose sensitive data through unintended memory disclosures.

Affected Systems

The vulnerability affects the EmberZNet SDK in Silicon Labs SiSDK, version 9.0.2 and all earlier releases. Devices using these SDK components to process network or firmware inputs are susceptible.

Risk and Exploitability

The CVSS score of 5.3 reflects a moderate risk. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a crafted payload, delivered to the SDK through network interfaces or firmware update channels, that triggers out-of-bounds indices; this is inferred from the description that the SDK processes network or firmware inputs. Exploitation does not require privileged access but needs the SDK to process malicious input, and results may manifest as application crashes or abnormal memory usage.

Generated by OpenCVE AI on June 25, 2026 at 16:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review the Silicon Labs website for the latest SiSDK release that addresses bounds validation and apply the update to all embedded devices.
  • If no patch is available, add defensive bounds checks in the calling application code to validate array indices before passing data to SDK functions.
  • Monitor the device for abnormal crashes or memory leaks; log stack traces and input payloads to aid incident response until a patch is available.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 16:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 25 Jun 2026 14:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage. |
| Title | | Improper bounds validation in EmberZNet SDK |
| Weaknesses | | CWE-130 |
| References | | |
| Metrics | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: Silabs

Published:

Updated: 2026-06-25T15:33:19.340Z

Reserved: 2026-04-16T17:02:59.346Z

Link: CVE-2026-6432

Vulnrichment

Updated: 2026-06-25T15:33:16.146Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T16:15:15Z

Weaknesses
  • CWE-130: Improper Handling of Length Parameter Inconsistency