Lucene search

SilabsCVELIST:CVE-2023-32098

HistoryMay 18, 2023 - 6:46 p.m.

CVE-2023-32098 Key duplication in GSDK

2023-05-1818:46:01

CWE-14

Silabs

www.cve.org

cve-2023-32098

gsdk

silicon labs

key material duplication

ram

security vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON

Compiler removal of buffer clearing in

sli_se_sign_message

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Gecko Platform",
    "vendor": "silabs.com",
    "versions": [
      {
        "lessThan": "4.2.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1

github.com/SiliconLabs/gecko_sdk

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON

Related for CVELIST:CVE-2023-32098