CVE-2023-51393

EPSS 0.05%
Veröffentlicht 23.02.2024 20:15:51
Zuletzt bearbeitet 12.02.2025 18:49:22
Quelle product-security@silabs.com
CVE-Watchlists
Login
Unerledigt
Login

Potential DoS due to BusFault and Assert in Ember ZNet legacy packet buffer

Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Silabs ≫ Emberznet Version < 7.4.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.15

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
product-security@silabs.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://community.silabs.com/068Vm000001NaAM

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-51393

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-51393

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-51393

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-51393