Lucene search

SilabsCVELIST:CVE-2023-0965

HistoryMay 18, 2023 - 6:38 p.m.

CVE-2023-0965 Key duplication in GSDK

2023-05-1818:38:56

CWE-14

Silabs

www.cve.org

cve-2023-0965

key duplication

gsdk

silicon labs gecko platform.

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON

Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Gecko Platform",
    "vendor": "silabs.com",
    "versions": [
      {
        "lessThan": "4.2.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1

github.com/SiliconLabs/gecko_sdk

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON

Related for CVELIST:CVE-2023-0965