Skip to main content

Gecko Software Development Kit CVE-2023-1132

HIGH
Compiler Removal of Code to Clear Buffers (CWE-14)
2023-05-18 product-security@silabs.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 18, 2023 - 19:15 nvd
HIGH 7.5

DescriptionNVD

Compiler removal of buffer clearing in

sli_se_driver_key_agreement

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

AnalysisAI

Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-14. Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Affected products include: Silabs Gecko Software Development Kit.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-31247 CRITICAL POC
9.8 Nov 14

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP

CVE-2023-28391 CRITICAL POC
9.8 Nov 14

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.0

CVE-2023-28379 CRITICAL POC
9.8 Nov 14

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01

CVE-2023-27882 CRITICAL POC
9.8 Nov 14

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-H

CVE-2023-25181 CRITICAL POC
9.8 Nov 14

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01.

CVE-2023-24585 CRITICAL POC
9.8 Nov 14

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. Rated

CVE-2023-2686 CRITICAL
9.8 Jun 15

Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected de

CVE-2023-4280 CRITICAL
9.3 Jan 02

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker

CVE-2023-4020 CRITICAL
9.1 Dec 15

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon

CVE-2024-22473 HIGH
7.5 Feb 21

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. R

CVE-2023-41097 HIGH
7.5 Dec 21

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding O

CVE-2023-32100 HIGH
7.5 May 18

Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier r

Share

CVE-2023-1132 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy