Vulnerabilities > Silabs
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-28 | CVE-2024-23938 | Out-of-bounds Write vulnerability in Silabs Gecko OS 1.0.46: Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 8.8 |
2024-07-12 | CVE-2023-41093 | Use After Free vulnerability in Silabs Bluetooth Low Energy Software Development Kit: Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network. This issue affects Silabs Bluetooth SDK: through 8.0.0. | 3.1 |
2024-02-23 | CVE-2023-51393 | Allocation of Resources Without Limits or Throttling vulnerability in Silabs Emberznet: Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network. | 7.5 |
2024-02-23 | CVE-2023-51394 | NULL Pointer Dereference vulnerability in Silabs Emberznet: High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash. | 7.5 |
2024-02-23 | CVE-2023-51392 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Silabs Emberznet 7.2.0/7.2.3: Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis side-channel attacks. | 9.8 |
2024-02-21 | CVE-2023-6533 | Unspecified vulnerability in Silabs Z-Wave PC-Based Controller: Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. | 6.5 |
2024-02-21 | CVE-2023-6640 | Unspecified vulnerability in Silabs Z-Wave PC-Based Controller: Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. | 6.5 |
2024-02-21 | CVE-2024-22473 | Insufficient Entropy vulnerability in Silabs Gecko Software Development Kit: TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. | 7.5 |
2024-02-20 | CVE-2023-45318 | Out-of-bounds Write vulnerability in multiple products: A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. | 9.8 |
2024-02-15 | CVE-2024-0240 | Memory Leak vulnerability in Silabs Gecko Software Development Kit: A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, causing all Bluetooth operations, such as advertising and scanning, to stop. | 6.5 |