Lucene search

SilabsCVELIST:CVE-2023-32097

HistoryMay 18, 2023 - 6:45 p.m.

CVE-2023-32097 Key duplication in GSDK

2023-05-1818:45:36

CWE-14

Silabs

www.cve.org

cve-2023-32097

key duplication

silicon labs gecko platform sdk

ram duplication

buffer clearing

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

52.3%

JSON

Compiler removal of buffer clearing in

sli_crypto_transparent_aead_decrypt_tag

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Gecko Platform",
    "vendor": "silabs.com",
    "versions": [
      {
        "lessThan": "4.2.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1

github.com/SiliconLabs/gecko_sdk

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

52.3%

JSON

Related for CVELIST:CVE-2023-32097