Lucene search

SilabsCVELIST:CVE-2023-0775

HistoryMar 28, 2023 - 4:23 p.m.

CVE-2023-0775 Bluetooth LE Invalid prepare write request command leads to denial of service

2023-03-2816:23:29

CWE-20

Silabs

www.cve.org

bluetooth

security

vulnerability

denial of service

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

19.1%

JSON

An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests, resulting in a denial-of-service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "GSDK",
    "vendor": "silabs.com",
    "versions": [
      {
        "changes": [
          {
            "at": "5.1.0",
            "status": "affected"
          }
        ],
        "lessThanOrEqual": "v5.1.1",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/SiliconLabs/gecko_sdk

siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000SMMyGQAX?operationContext=S1

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

19.1%

JSON

Related for CVELIST:CVE-2023-0775