Lucene search

SilabsCVELIST:CVE-2023-51391

HistoryApr 16, 2024 - 7:19 p.m.

CVE-2023-51391 Micrium OS Network uC-HTTP server header parsing invalid pointer dereference vulnerability

2024-04-1619:19:26

CWE-476

CWE-125

Silabs

www.cve.org

cve-2023-51391

micrium os network

http server

invalid pointer dereference

device crash

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service.

CNA Affected

[
  {
    "collectionURL": "https://github.com/SiliconLabs/gecko_sdk/releases",
    "defaultStatus": "unaffected",
    "modules": [
      "Micrium OS Network HTTP Server"
    ],
    "packageName": "Gecko SDK",
    "platforms": [
      "ARM"
    ],
    "repo": "https://github.com/SiliconLabs/gecko_sdk",
    "vendor": "silabs.com",
    "versions": [
      {
        "lessThan": "4.4.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

community.silabs.com/068Vm000004688g

www.talosintelligence.com/vulnerability_reports/TALOS-2024-1945

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2023-51391