Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gecko_software_development_kit
(Silabs)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 27 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-15 | CVE-2023-2747 | The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. | Gecko_software_development_kit | 5.5 | ||
| 2024-01-03 | CVE-2023-5138 | Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. | Gecko_software_development_kit | 6.8 | ||
| 2023-09-29 | CVE-2023-3024 | Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. | Gecko_software_development_kit | 6.5 | ||
| 2023-12-15 | CVE-2023-4020 | An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. | Gecko_software_development_kit | 9.1 | ||
| 2023-12-21 | CVE-2023-41097 | An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. | Gecko_software_development_kit | 7.5 | ||
| 2024-01-02 | CVE-2023-4280 | An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | Gecko_software_development_kit | 9.8 | ||
| 2024-02-02 | CVE-2023-6387 | A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution | Gecko_software_development_kit | 7.5 | ||
| 2024-02-05 | CVE-2023-6874 | Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number | Gecko_software_development_kit | 7.5 | ||
| 2023-06-02 | CVE-2023-2687 | Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. | Gecko_software_development_kit | 3.3 | ||
| 2023-11-14 | CVE-2023-25181 | A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. | Gecko_software_development_kit, Cesium_net, Uc\-Http | 9.8 |