Silabs: >> Gecko Software Development Kit Security Vulnerabilities
A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVSS Score
9.0
EPSS Score
0.003
Published
2023-11-14
A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVSS Score
9.0
EPSS Score
0.002
Published
2023-11-14
A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVSS Score
9.0
EPSS Score
0.003
Published
2023-11-14
An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
CVSS Score
7.7
EPSS Score
0.002
Published
2023-11-14
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVSS Score
9.0
EPSS Score
0.002
Published
2023-11-14
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-09-29
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.
CVSS Score
3.8
EPSS Score
0.001
Published
2023-07-28
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.
CVSS Score
3.1
EPSS Score
0.0
Published
2023-06-15
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-15
Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.
CVSS Score
2.9
EPSS Score
0.0
Published
2023-06-02