Silabs

Gecko Software Development Kit

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-6387

  • EPSS 3.2%
  • Veröffentlicht 02.02.2024 16:15:53
  • Zuletzt bearbeitet 21.11.2024 08:43:45

A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution

6.8

CVE-2023-5138

  • EPSS 0.05%
  • Veröffentlicht 03.01.2024 23:15:08
  • Zuletzt bearbeitet 21.11.2024 08:41:08

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.

9.8

CVE-2023-4280

  • EPSS 0.07%
  • Veröffentlicht 02.01.2024 17:15:09
  • Zuletzt bearbeitet 21.11.2024 08:34:46

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

7.5

CVE-2023-41097

  • EPSS 0.11%
  • Veröffentlicht 21.12.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 08:20:34

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.

9.1

CVE-2023-4020

  • EPSS 0.22%
  • Veröffentlicht 15.12.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 08:34:14

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memor...

9.8

CVE-2023-31247

Exploit
  • EPSS 0.37%
  • Veröffentlicht 14.11.2023 10:15:28
  • Zuletzt bearbeitet 04.11.2025 20:16:26

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this ...

9.8

CVE-2023-28379

Exploit
  • EPSS 0.28%
  • Veröffentlicht 14.11.2023 10:15:27
  • Zuletzt bearbeitet 04.11.2025 20:16:25

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulner...

9.8

CVE-2023-28391

Exploit
  • EPSS 0.37%
  • Veröffentlicht 14.11.2023 10:15:27
  • Zuletzt bearbeitet 04.11.2025 20:16:25

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulner...

9.8

CVE-2023-27882

Exploit
  • EPSS 0.33%
  • Veröffentlicht 14.11.2023 10:15:27
  • Zuletzt bearbeitet 04.11.2025 20:16:24

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger th...

9.8

CVE-2023-25181

Exploit
  • EPSS 0.3%
  • Veröffentlicht 14.11.2023 10:15:26
  • Zuletzt bearbeitet 21.11.2024 07:49:15

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigge...