Vulnerabilities > CVE-2022-24939 - Out-of-bounds Write vulnerability in Silabs Gecko Software Development KIT and Zigbee Emberznet

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

low complexity

silabs

CWE-787

NVD

Published: 2022-11-18

Updated: 2024-11-21

Summary

A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.

Vulnerable Configurations

Part	Description	Count
Application	Silabs Silabs Zigbee Emberznet - Silabs Gecko Software Development KIT -	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/SiliconLabs/gecko_sdk
https://github.com/SiliconLabs/gecko_sdk
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000IWDCwQAP?operationContext=S1
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000IWDCwQAP?operationContext=S1