Bluetooth Low Energy Software Development Kit
CVE-2023-2683
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.
AnalysisAI
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. Affected products include: Silabs Bluetooth Low Energy Software Development Kit. Version information: through 5.1.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. Rated high severity (CVSS 8.8
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. Rated medium severity (CVSS 6
Same weakness CWE-401 – Memory Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today