Filtered by vendor Silabs
Subscriptions
Total
77 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23937 | 1 Silabs | 1 Gecko Os | 2025-06-18 | 6.5 Medium |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. | ||||
| CVE-2023-4280 | 1 Silabs | 1 Gecko Software Development Kit | 2025-06-13 | 9.3 Critical |
| An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | ||||
| CVE-2023-5138 | 1 Silabs | 1 Gecko Software Development Kit | 2025-06-03 | 6.8 Medium |
| Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. | ||||
| CVE-2023-4489 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2025-05-21 | 6.4 Medium |
| The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. | ||||
| CVE-2023-6387 | 1 Silabs | 1 Gecko Software Development Kit | 2025-05-15 | 7.5 High |
| A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution | ||||
| CVE-2022-24942 | 1 Silabs | 1 Micrium Uc-http | 2025-05-05 | 9.1 Critical |
| Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request. | ||||
| CVE-2022-24936 | 1 Silabs | 1 Gecko Bootloader | 2025-05-02 | 8.3 High |
| Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade. | ||||
| CVE-2022-24938 | 1 Silabs | 1 Emberznet | 2025-04-30 | 6.5 Medium |
| A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. | ||||
| CVE-2022-24937 | 1 Silabs | 1 Emberznet | 2025-04-30 | 6.5 Medium |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. | ||||
| CVE-2022-24939 | 1 Silabs | 2 Gecko Software Development Kit, Zigbee Emberznet | 2025-04-29 | 5.7 Medium |
| A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. | ||||
| CVE-2023-45318 | 2 Silabs, Weston-embedded | 3 Gecko Platform, Gecko Software Development Kit, Uc-http | 2025-04-24 | 10 Critical |
| A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-41097 | 1 Silabs | 1 Gecko Software Development Kit | 2025-04-23 | 4.6 Medium |
| An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. | ||||
| CVE-2023-51392 | 1 Silabs | 1 Emberznet | 2025-04-22 | 6.2 Medium |
| Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks. | ||||
| CVE-2023-51393 | 1 Silabs | 2 Emberznet, Emberznet Sdk | 2025-04-22 | 5.3 Medium |
| Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network. | ||||
| CVE-2021-27411 | 1 Silabs | 1 Micrium Os | 2025-04-16 | 6.5 Medium |
| Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones. | ||||
| CVE-2023-1261 | 1 Silabs | 1 Wi-sun Software Development Kit | 2025-02-26 | 8.2 High |
| Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows malicious node to route malicious messages through network. | ||||
| CVE-2023-1262 | 1 Silabs | 2 Wireless Smart Ubiquitous Network Linux Border Router, Wireless Smart Ubiquitous Network Linux Border Router Firmware | 2025-02-26 | 8.2 High |
| Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network. | ||||
| CVE-2023-0775 | 1 Silabs | 1 Gecko Software Development Kit | 2025-02-18 | 6.5 Medium |
| An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests, resulting in a denial-of-service. | ||||
| CVE-2023-51391 | 1 Silabs | 1 Gecko Software Development Kit | 2025-02-13 | 7.5 High |
| A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service. | ||||
| CVE-2023-51394 | 1 Silabs | 1 Emberznet | 2025-02-12 | 5.3 Medium |
| High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash. | ||||