Silabs Gecko Software Development Kit — known CVE vulnerabilities
Every CVE whose affected-product data names Silabs Gecko Software Development Kit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (30)
CVE-2023-45318 — CVSS 10.0 (critical): A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A…
CVE-2023-2686 — CVSS 9.8 (critical): Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write…
CVE-2023-4280 — CVSS 9.3 (critical): An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the…
CVE-2023-4020 — CVSS 9.0 (critical): An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone…
CVE-2023-25181 — CVSS 9.0 (critical): A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted…
CVE-2023-27882 — CVSS 9.0 (critical): A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A…
CVE-2023-28379 — CVSS 9.0 (critical): A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially…
CVE-2023-28391 — CVSS 9.0 (critical): A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially…
CVE-2023-31247 — CVSS 9.0 (critical): A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A…
CVE-2023-24585 — CVSS 7.7 (high): An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted…
CVE-2023-6387 — CVSS 7.5 (high): A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service…
CVE-2023-6874 — CVSS 7.5 (high): Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number
CVE-2023-5138 — CVSS 6.8 (medium): Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.
CVE-2024-22473 — CVSS 6.8 (medium): TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may…
CVE-2024-0240 — CVSS 6.5 (medium): A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to…
CVE-2023-0775 — CVSS 6.5 (medium): An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle…
CVE-2023-3024 — CVSS 5.9 (medium): Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
CVE-2022-24939 — CVSS 5.7 (medium): A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which…
CVE-2023-1132 — CVSS 5.3 (medium): Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key…
CVE-2023-32099 — CVSS 5.3 (medium): Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material…
CVE-2023-2481 — CVSS 5.3 (medium): Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key…
CVE-2023-32098 — CVSS 5.3 (medium): Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material…
CVE-2023-32100 — CVSS 5.3 (medium): Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key…
CVE-2023-41097 — CVSS 4.6 (medium): An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack…
CVE-2023-3488 — CVSS 3.8 (low): Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL…
CVE-2023-0965 — CVSS 3.1 (low): Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier…
CVE-2023-32097 — CVSS 3.1 (low): Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier…
CVE-2023-32096 — CVSS 3.1 (low): Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier…
CVE-2023-2747 — CVSS 3.1 (low): The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.
CVE-2023-2687 — CVSS 2.9 (low): Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the…