Vulnerabilities > Silabs > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-18 CVE-2023-2481 Unspecified vulnerability in Silabs Gecko Software Development KIT
Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
network
low complexity
silabs
7.5
2023-05-18 CVE-2023-32096 Unspecified vulnerability in Silabs Gecko Software Development KIT
Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
network
low complexity
silabs
7.5
2023-05-18 CVE-2023-32097 Unspecified vulnerability in Silabs Gecko Software Development KIT
Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
network
low complexity
silabs
7.5
2023-05-18 CVE-2023-32098 Unspecified vulnerability in Silabs Gecko Software Development KIT
Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
network
low complexity
silabs
7.5
2023-05-18 CVE-2023-32099 Unspecified vulnerability in Silabs Gecko Software Development KIT
Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
network
low complexity
silabs
7.5
2023-05-18 CVE-2023-32100 Unspecified vulnerability in Silabs Gecko Software Development KIT
Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
network
low complexity
silabs
7.5
2022-11-14 CVE-2022-24938 Out-of-bounds Write vulnerability in Silabs Emberznet 1.0.0
A malformed packet causes a stack overflow in the Ember ZNet stack.
network
low complexity
silabs CWE-787
7.5
2022-02-04 CVE-2013-20003 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Silabs products
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.
high complexity
silabs CWE-338
8.3
2022-02-04 CVE-2018-25029 Unspecified vulnerability in Silabs products
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.
low complexity
silabs
8.1
2022-01-10 CVE-2020-9057 Missing Encryption of Sensitive Data vulnerability in multiple products
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device.
low complexity
linear silabs CWE-311
8.8