CVE-2024-22472

EPSS 7.63%
Published 07.05.2024 06:15:07
Last modified 21.11.2024 08:56:20
Source product-security@silabs.com
Teams watchlist Login
Open Login

A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution

This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2

running on Silicon Labs 500 series Z-wave devices.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendorsilabs

≫

Product z-wave_software_development_kit

Default Statusunknown

Version < 6.85.2

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.63%	0.915

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
product-security@silabs.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://community.silabs.com/068Vm000004rZwm

https://nvd.nist.gov/vuln/detail/CVE-2024-22472

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-22472

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-22472

EUVD