Search criteria
10 vulnerabilities found for Gecko SDK by silabs.com
CVE-2025-12986 (GCVE-0-2025-12986)
Vulnerability from cvelistv5 – Published: 2025-12-04 21:55 – Updated: 2025-12-05 15:40
VLAI?
Summary
When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of service triggered by a malformed packet. The device may recover automatically or require a hard reset.
Severity ?
CWE
- CWE-410 - Insufficient Resource Pool
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko SDK |
Affected:
0 , ≤ 4.5.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T15:39:17.136154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T15:40:13.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "GSDK",
"product": "Gecko SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "4.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\n\n\u003cdiv\u003eWhen a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of\u0026nbsp;service triggered by a malformed packet. The device may recover automatically or require a hard reset.\u0026nbsp;\u003c/div\u003e\n\n\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of\u00a0service triggered by a malformed packet. The device may recover automatically or require a hard reset."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-410",
"description": "CWE-410 Insufficient Resource Pool",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T21:55:59.291Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm00000akaGr"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service Vulnerability in Silicon Labs WF200 and WGM160P Devices",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2025-12986",
"datePublished": "2025-12-04T21:55:59.291Z",
"dateReserved": "2025-11-10T22:42:20.103Z",
"dateUpdated": "2025-12-05T15:40:13.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8414 (GCVE-0-2025-8414)
Vulnerability from cvelistv5 – Published: 2025-10-17 16:02 – Updated: 2025-10-17 17:20
VLAI?
Summary
Due to improper input validation, a buffer overflow vulnerability is present in
Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain
conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerability.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silabs.com | Simplicity SDK |
Affected:
0 , ≤ 2025.6.0
(custom)
Affected: 0 , ≤ 2024.12.2 (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T17:19:58.824957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T17:20:32.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "SiSDK",
"product": "Simplicity SDK",
"repo": "https://github.com/SiliconLabs/simplicity_sdk",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "2025.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2024.12.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "GSDK",
"product": "Gecko SDK",
"repo": "https://github.com/SiliconLabs/gsdk",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "4.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eDue to improper input validation, a buffer overflow vulnerability is present in \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZigbee EZSP Host Applications\u003c/span\u003e. If the buffer overflows, stack corruption is possible. In certain\u003c/div\u003e\u003cdiv\u003econditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerability.\u0026nbsp;\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Due to improper input validation, a buffer overflow vulnerability is present in \n\nZigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain\n\nconditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T16:02:55.583Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm00000WJZED"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zigbee Green Power Host Buffer Overflow Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2025-8414",
"datePublished": "2025-10-17T16:02:55.583Z",
"dateReserved": "2025-07-31T13:35:54.376Z",
"dateUpdated": "2025-10-17T17:20:32.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4013 (GCVE-0-2024-4013)
Vulnerability from cvelistv5 – Published: 2024-06-06 21:31 – Updated: 2024-08-01 20:26
VLAI?
Summary
A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection
List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme
was changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#.
Severity ?
5.6 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko SDK |
Affected:
3.1.0 , ≤ 2024.06.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T19:26:03.113833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T19:26:14.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required",
"x_transferred"
],
"url": "https://community.silabs.com/068Vm000006rR53"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "GSDK",
"product": "Gecko SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "2024.06.0",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection \nList (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme \nwas changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#."
}
],
"value": "A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection \nList (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme \nwas changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#."
}
],
"impacts": [
{
"capecId": "CAPEC-679",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T21:31:53.472Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm000006rR53"
},
{
"tags": [
"product"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Failure to update BT Mesh Replay Protection List",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-4013",
"datePublished": "2024-06-06T21:31:53.472Z",
"dateReserved": "2024-04-19T17:58:42.900Z",
"dateUpdated": "2024-08-01T20:26:57.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5310 (GCVE-0-2023-5310)
Vulnerability from cvelistv5 – Published: 2023-12-15 16:05 – Updated: 2024-10-08 14:15
VLAI?
Summary
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.
Severity ?
5.7 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko SDK |
Affected:
0 , ≤ 7.20.3
(LessThan)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T18:23:37.766666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:15:42.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko SDK",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "7.20.3",
"status": "affected",
"version": "0",
"versionType": "LessThan"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.\u003c/span\u003e"
}
],
"value": "A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device."
}
],
"impacts": [
{
"capecId": "CAPEC-601",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-601 Jamming"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T15:44:43.455Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Z-Wave Denial of Service caused by Stream of Packets",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-5310",
"datePublished": "2023-12-15T16:05:15.120Z",
"dateReserved": "2023-09-29T18:44:41.563Z",
"dateUpdated": "2024-10-08T14:15:42.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2687 (GCVE-0-2023-2687)
Vulnerability from cvelistv5 – Published: 2023-06-02 15:56 – Updated: 2025-01-08 17:56
VLAI?
Summary
Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko SDK |
Affected:
0 , ≤ 4.2.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:04.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sWXQAZ?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T17:56:16.937965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T17:56:25.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko SDK",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "4.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.\u003cbr\u003e"
}
],
"value": "Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T15:42:58.853Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sWXQAZ?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-2687",
"datePublished": "2023-06-02T15:56:21.083Z",
"dateReserved": "2023-05-12T16:13:16.672Z",
"dateUpdated": "2025-01-08T17:56:25.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12986 (GCVE-0-2025-12986)
Vulnerability from nvd – Published: 2025-12-04 21:55 – Updated: 2025-12-05 15:40
VLAI?
Summary
When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of service triggered by a malformed packet. The device may recover automatically or require a hard reset.
Severity ?
CWE
- CWE-410 - Insufficient Resource Pool
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko SDK |
Affected:
0 , ≤ 4.5.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T15:39:17.136154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T15:40:13.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "GSDK",
"product": "Gecko SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "4.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\n\n\u003cdiv\u003eWhen a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of\u0026nbsp;service triggered by a malformed packet. The device may recover automatically or require a hard reset.\u0026nbsp;\u003c/div\u003e\n\n\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of\u00a0service triggered by a malformed packet. The device may recover automatically or require a hard reset."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-410",
"description": "CWE-410 Insufficient Resource Pool",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T21:55:59.291Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm00000akaGr"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service Vulnerability in Silicon Labs WF200 and WGM160P Devices",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2025-12986",
"datePublished": "2025-12-04T21:55:59.291Z",
"dateReserved": "2025-11-10T22:42:20.103Z",
"dateUpdated": "2025-12-05T15:40:13.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8414 (GCVE-0-2025-8414)
Vulnerability from nvd – Published: 2025-10-17 16:02 – Updated: 2025-10-17 17:20
VLAI?
Summary
Due to improper input validation, a buffer overflow vulnerability is present in
Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain
conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerability.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| silabs.com | Simplicity SDK |
Affected:
0 , ≤ 2025.6.0
(custom)
Affected: 0 , ≤ 2024.12.2 (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T17:19:58.824957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T17:20:32.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "SiSDK",
"product": "Simplicity SDK",
"repo": "https://github.com/SiliconLabs/simplicity_sdk",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "2025.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2024.12.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "GSDK",
"product": "Gecko SDK",
"repo": "https://github.com/SiliconLabs/gsdk",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "4.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eDue to improper input validation, a buffer overflow vulnerability is present in \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZigbee EZSP Host Applications\u003c/span\u003e. If the buffer overflows, stack corruption is possible. In certain\u003c/div\u003e\u003cdiv\u003econditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerability.\u0026nbsp;\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Due to improper input validation, a buffer overflow vulnerability is present in \n\nZigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain\n\nconditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T16:02:55.583Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm00000WJZED"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zigbee Green Power Host Buffer Overflow Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2025-8414",
"datePublished": "2025-10-17T16:02:55.583Z",
"dateReserved": "2025-07-31T13:35:54.376Z",
"dateUpdated": "2025-10-17T17:20:32.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4013 (GCVE-0-2024-4013)
Vulnerability from nvd – Published: 2024-06-06 21:31 – Updated: 2024-08-01 20:26
VLAI?
Summary
A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection
List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme
was changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#.
Severity ?
5.6 (Medium)
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko SDK |
Affected:
3.1.0 , ≤ 2024.06.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T19:26:03.113833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T19:26:14.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required",
"x_transferred"
],
"url": "https://community.silabs.com/068Vm000006rR53"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "GSDK",
"product": "Gecko SDK",
"repo": "https://github.com/SiliconLabs/gecko_sdk/releases",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "2024.06.0",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection \nList (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme \nwas changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#."
}
],
"value": "A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection \nList (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme \nwas changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#."
}
],
"impacts": [
{
"capecId": "CAPEC-679",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T21:31:53.472Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm000006rR53"
},
{
"tags": [
"product"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Failure to update BT Mesh Replay Protection List",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2024-4013",
"datePublished": "2024-06-06T21:31:53.472Z",
"dateReserved": "2024-04-19T17:58:42.900Z",
"dateUpdated": "2024-08-01T20:26:57.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5310 (GCVE-0-2023-5310)
Vulnerability from nvd – Published: 2023-12-15 16:05 – Updated: 2024-10-08 14:15
VLAI?
Summary
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.
Severity ?
5.7 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko SDK |
Affected:
0 , ≤ 7.20.3
(LessThan)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T18:23:37.766666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:15:42.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko SDK",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "7.20.3",
"status": "affected",
"version": "0",
"versionType": "LessThan"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.\u003c/span\u003e"
}
],
"value": "A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device."
}
],
"impacts": [
{
"capecId": "CAPEC-601",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-601 Jamming"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T15:44:43.455Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Z-Wave Denial of Service caused by Stream of Packets",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-5310",
"datePublished": "2023-12-15T16:05:15.120Z",
"dateReserved": "2023-09-29T18:44:41.563Z",
"dateUpdated": "2024-10-08T14:15:42.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2687 (GCVE-0-2023-2687)
Vulnerability from nvd – Published: 2023-06-02 15:56 – Updated: 2025-01-08 17:56
VLAI?
Summary
Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| silabs.com | Gecko SDK |
Affected:
0 , ≤ 4.2.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:04.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sWXQAZ?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T17:56:16.937965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T17:56:25.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gecko SDK",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "4.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.\u003cbr\u003e"
}
],
"value": "Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T15:42:58.853Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/SiliconLabs/gecko_sdk/releases"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sWXQAZ?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-2687",
"datePublished": "2023-06-02T15:56:21.083Z",
"dateReserved": "2023-05-12T16:13:16.672Z",
"dateUpdated": "2025-01-08T17:56:25.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}