Skip to main content

Gecko Software Development Kit CVE-2023-4280

CRITICAL
Out-of-bounds Read (CWE-125)
2024-01-02 product-security@silabs.com
9.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:33 vuln.today
CVE Published
Jan 02, 2024 - 17:15 nvd
CRITICAL 9.3

DescriptionCVE.org

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

AnalysisAI

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. Affected products include: Silabs Gecko Software Development Kit.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2023-31247 CRITICAL POC
9.8 Nov 14

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP

CVE-2023-28391 CRITICAL POC
9.8 Nov 14

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.0

CVE-2023-28379 CRITICAL POC
9.8 Nov 14

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01

CVE-2023-27882 CRITICAL POC
9.8 Nov 14

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-H

CVE-2023-25181 CRITICAL POC
9.8 Nov 14

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01.

CVE-2023-24585 CRITICAL POC
9.8 Nov 14

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. Rated

CVE-2023-2686 CRITICAL
9.8 Jun 15

Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected de

CVE-2023-4020 CRITICAL
9.1 Dec 15

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon

CVE-2024-22473 HIGH
7.5 Feb 21

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. R

CVE-2023-41097 HIGH
7.5 Dec 21

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding O

CVE-2023-32100 HIGH
7.5 May 18

Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier r

CVE-2023-32099 HIGH
7.5 May 18

Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in

Share

CVE-2023-4280 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy