Vulnerabilities > Silabs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-28 | CVE-2024-23938 | Out-of-bounds Write vulnerability in Silabs Gecko OS 1.0.46 Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 8.8 |
| 2024-02-05 | CVE-2023-6874 | Improper Check for Unusual or Exceptional Conditions vulnerability in Silabs Gecko Software Development KIT Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number | 7.5 |
| 2024-02-02 | CVE-2023-6387 | Incorrect Calculation of Buffer Size vulnerability in Silabs Gecko Software Development KIT A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution | 7.5 |
| 2023-12-21 | CVE-2023-41097 | Information Exposure Through Discrepancy vulnerability in Silabs Gecko Software Development KIT An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. | 7.5 |
| 2023-10-20 | CVE-2023-3487 | Integer Overflow or Wraparound vulnerability in Silabs Gecko Bootloader An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. | 7.8 |
| 2023-06-21 | CVE-2023-0971 | Incorrect Authorization vulnerability in Silabs Z/Ip Gateway SDK 7.18.01 A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. | 8.8 |
| 2023-06-21 | CVE-2023-0972 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Z/Ip Gateway SDK 7.18.01 Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | 8.8 |
| 2023-06-21 | CVE-2023-3110 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Unify Software Development KIT 1.3.1 Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | 8.8 |
| 2023-05-18 | CVE-2023-0965 | Unspecified vulnerability in Silabs Gecko Software Development KIT Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | 7.5 |
| 2023-05-18 | CVE-2023-1132 | Unspecified vulnerability in Silabs Gecko Software Development KIT Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | 7.5 |