Lucene search

SilabsCVE-2023-1132

HistoryMay 18, 2023 - 7:15 p.m.

CVE-2023-1132

2023-05-1819:15:09

CWE-14

Silabs

web.nvd.nist.gov

cve-2023-1132

nvd

silicon labs

gecko platform sdk

vulnerability

buffer clearing

key material duplication

ram

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.3%

JSON

Compiler removal of buffer clearing in

sli_se_driver_key_agreement

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

Affected configurations

Nvd

Node

silabsgecko_software_development_kitRange≤4.2.1

VendorProductVersionCPE
silabsgecko_software_development_kit*cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silabs	gecko_software_development_kit	*	cpe:2.3:a:silabs:gecko_software_development_kit::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Gecko Platform",
    "vendor": "silabs.com",
    "versions": [
      {
        "lessThan": "4.2.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1

github.com/SiliconLabs/gecko_sdk

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.3%

JSON

Related for CVE-2023-1132