Filtered by vendor Silabs
Subscriptions
Total
76 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22473 | 1 Silabs | 1 Gecko Software Development Kit | 2025-02-12 | 6.8 Medium |
| TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0. | ||||
| CVE-2023-6640 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | 6.5 Medium |
| Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. | ||||
| CVE-2024-0240 | 1 Silabs | 1 Gecko Software Development Kit | 2025-02-05 | 6.5 Medium |
| A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop. | ||||
| CVE-2024-3052 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2025-02-05 | 7.5 High |
| Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. | ||||
| CVE-2023-0965 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-22 | 3.1 Low |
| Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-1132 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-22 | 5.3 Medium |
| Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-2481 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-21 | 5.3 Medium |
| Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-32096 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-21 | 3.1 Low |
| Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-32097 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-21 | 3.1 Low |
| Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-32098 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-21 | 5.3 Medium |
| Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-32099 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-21 | 5.3 Medium |
| Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-32100 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-21 | 5.3 Medium |
| Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-2687 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-08 | 2.9 Low |
| Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. | ||||
| CVE-2023-2686 | 1 Silabs | 1 Gecko Software Development Kit | 2024-12-12 | 9.8 Critical |
| Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. | ||||
| CVE-2023-2683 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-12-11 | 5.3 Medium |
| A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. | ||||
| CVE-2023-2747 | 1 Silabs | 1 Gecko Software Development Kit | 2024-12-11 | 3.1 Low |
| The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. | ||||
| CVE-2023-3110 | 1 Silabs | 1 Unify Software Development Kit | 2024-12-09 | 9.6 Critical |
| Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | ||||
| CVE-2023-0969 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-12-06 | 3.5 Low |
| A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. | ||||
| CVE-2023-0970 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-12-06 | 7.1 High |
| Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code. | ||||
| CVE-2023-0971 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-12-06 | 9.6 Critical |
| A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. | ||||