Vulnerabilities > Silabs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-28 | CVE-2024-23938 | Out-of-bounds Write vulnerability in Silabs Gecko OS 1.0.46 Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. | 8.8 |
| 2024-02-23 | CVE-2023-51393 | Allocation of Resources Without Limits or Throttling vulnerability in Silabs Emberznet Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network. | 7.5 |
| 2024-02-23 | CVE-2023-51394 | NULL Pointer Dereference vulnerability in Silabs Emberznet High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash. | 7.5 |
| 2024-02-21 | CVE-2024-22473 | Insufficient Entropy vulnerability in Silabs Gecko Software Development KIT TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. | 7.5 |
| 2024-02-05 | CVE-2023-6874 | Improper Check for Unusual or Exceptional Conditions vulnerability in Silabs Gecko Software Development KIT Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number | 7.5 |
| 2024-02-02 | CVE-2023-6387 | Incorrect Calculation of Buffer Size vulnerability in Silabs Gecko Software Development KIT A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution | 7.5 |
| 2023-12-21 | CVE-2023-41097 | Information Exposure Through Discrepancy vulnerability in Silabs Gecko Software Development KIT An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. | 7.5 |
| 2023-10-20 | CVE-2023-3487 | Integer Overflow or Wraparound vulnerability in Silabs Gecko Bootloader An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. | 7.8 |
| 2023-06-21 | CVE-2023-0971 | Incorrect Authorization vulnerability in Silabs Z/Ip Gateway SDK 7.18.01 A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. | 8.8 |
| 2023-06-21 | CVE-2023-0972 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Z/Ip Gateway SDK 7.18.01 Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | 8.8 |