Vulnerabilities > Silabs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-27882 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. | 9.8 |
| 2023-11-14 | CVE-2023-28379 | Out-of-bounds Write vulnerability in multiple products A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. | 9.8 |
| 2023-11-14 | CVE-2023-28391 | Out-of-bounds Write vulnerability in multiple products A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. | 9.8 |
| 2023-11-14 | CVE-2023-31247 | Out-of-bounds Write vulnerability in multiple products A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. | 9.8 |
| 2023-10-26 | CVE-2023-41095 | Missing Encryption of Sensitive Data vulnerability in Silabs Openthread SDK Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier. | 9.1 |
| 2023-10-26 | CVE-2023-41096 | Missing Encryption of Sensitive Data vulnerability in Silabs Emberznet SDK Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier. | 6.1 |
| 2023-10-20 | CVE-2023-3487 | Integer Overflow or Wraparound vulnerability in Silabs Gecko Bootloader An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. | 7.8 |
| 2023-10-10 | CVE-2020-27630 | Use of Insufficiently Random Values vulnerability in Silabs Uc/Tcp-Ip 3.6.0 In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | 9.8 |
| 2023-10-04 | CVE-2023-41094 | Missing Release of Resource after Effective Lifetime vulnerability in Silabs Emberznet TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected | 9.8 |
| 2023-09-29 | CVE-2023-3024 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Gecko Software Development KIT Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. | 6.5 |