Silabs

Gecko Software Development Kit

34 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-4280

  • EPSS 0.07%
  • Published 02.01.2024 17:15:09
  • Last modified 21.11.2024 08:34:46

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

7.5

CVE-2023-41097

  • EPSS 0.11%
  • Published 21.12.2023 21:15:08
  • Last modified 21.11.2024 08:20:34

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.

9.1

CVE-2023-4020

  • EPSS 0.22%
  • Published 15.12.2023 21:15:08
  • Last modified 21.11.2024 08:34:14

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memor...

9.8

CVE-2023-31247

Exploit
  • EPSS 0.37%
  • Published 14.11.2023 10:15:28
  • Last modified 21.11.2024 08:01:42

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this ...

9.8

CVE-2023-27882

Exploit
  • EPSS 0.33%
  • Published 14.11.2023 10:15:27
  • Last modified 21.11.2024 07:53:37

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger th...

9.8

CVE-2023-28391

Exploit
  • EPSS 0.37%
  • Published 14.11.2023 10:15:27
  • Last modified 21.11.2024 07:54:58

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulner...

9.8

CVE-2023-28379

Exploit
  • EPSS 0.28%
  • Published 14.11.2023 10:15:27
  • Last modified 21.11.2024 07:54:57

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulner...

9.8

CVE-2023-25181

Exploit
  • EPSS 0.3%
  • Published 14.11.2023 10:15:26
  • Last modified 21.11.2024 07:49:15

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigge...

9.8

CVE-2023-24585

Exploit
  • EPSS 0.3%
  • Published 14.11.2023 10:15:26
  • Last modified 21.11.2024 07:48:10

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

6.5

CVE-2023-3024

  • EPSS 0.08%
  • Published 29.09.2023 17:15:47
  • Last modified 21.11.2024 08:16:16

Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.