Vulnerabilities > Silabs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-23 | CVE-2023-4041 | Download of Code Without Integrity Check vulnerability in Silabs Gecko Bootloader 4.3.0/4.3.1 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader. | 9.8 |
| 2023-07-28 | CVE-2023-3488 | Use of Uninitialized Resource vulnerability in Silabs Gecko Software Development KIT Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. | 5.5 |
| 2023-06-21 | CVE-2023-0969 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Z/Ip Gateway SDK A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. | 3.5 |
| 2023-06-21 | CVE-2023-0970 | Classic Buffer Overflow vulnerability in Silabs Z/Ip Gateway SDK Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code. | 6.8 |
| 2023-06-21 | CVE-2023-0971 | Incorrect Authorization vulnerability in Silabs Z/Ip Gateway SDK A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. | 8.8 |
| 2023-06-21 | CVE-2023-0972 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Z/Ip Gateway SDK Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | 8.8 |
| 2023-06-21 | CVE-2023-3110 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Unify Software Development KIT Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | 8.8 |
| 2023-06-15 | CVE-2023-2683 | Resource Exhaustion vulnerability in Silabs Bluetooth LOW Energy Software Development KIT 5.0.0/5.1.0/5.1.1 A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. | 6.5 |
| 2023-06-15 | CVE-2023-2747 | Use of Uninitialized Resource vulnerability in Silabs Gecko Software Development KIT The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. | 5.5 |
| 2023-06-15 | CVE-2023-2686 | Classic Buffer Overflow vulnerability in Silabs Gecko Software Development KIT Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. | 9.8 |