CVE-2023-4280

EPSS 0.07%
Published 02.01.2024 17:15:09
Last modified 21.11.2024 08:34:46
Source product-security@silabs.com
Teams watchlist Login
Open Login

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Silabs ≫ Gecko Software Development Kit Version >= 1.0.0 <= 4.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.227

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
product-security@silabs.com	9.3	2.5	6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/SiliconLabs/gecko_sdk

Product

https://community.silabs.com/069Vm0000004NinIAE

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-4280

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4280

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4280

EUVD