Lucene search

SilabsCVE-2023-51391

HistoryApr 16, 2024 - 8:15 p.m.

CVE-2023-51391

2024-04-1620:15:09

CWE-476

CWE-125

Silabs

web.nvd.nist.gov

micrium

http

server

bug

invalid pointer

dereference

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.0%

JSON

A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service.

CNA Affected

[
  {
    "collectionURL": "https://github.com/SiliconLabs/gecko_sdk/releases",
    "defaultStatus": "unaffected",
    "modules": [
      "Micrium OS Network HTTP Server"
    ],
    "packageName": "Gecko SDK",
    "platforms": [
      "ARM"
    ],
    "repo": "https://github.com/SiliconLabs/gecko_sdk",
    "vendor": "silabs.com",
    "versions": [
      {
        "lessThan": "4.4.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

community.silabs.com/068Vm000004688g

www.talosintelligence.com/vulnerability_reports/TALOS-2024-1945

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-51391