CVE-2023-4280

EPSS 0.07%
Veröffentlicht 02.01.2024 17:15:09
Zuletzt bearbeitet 21.11.2024 08:34:46
Quelle product-security@silabs.com
Teams Watchlist Login
Unerledigt Login

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Silabs ≫ Gecko Software Development Kit Version >= 1.0.0 <= 4.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.227

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
product-security@silabs.com	9.3	2.5	6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/SiliconLabs/gecko_sdk

Product

https://community.silabs.com/069Vm0000004NinIAE

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-4280

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4280

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4280

EUVD