Lucene search

GoogleOSV:CVE-2023-32096

HistoryMay 18, 2023 - 7:15 p.m.

CVE-2023-32096

2023-05-1819:15:09

Google

osv.dev

compiler

buffer clearing

sli_crypto_transparent_aead_encrypt_tag

silicon labs gecko platform sdk

key material duplication

ram

software

security vulnerability

cve-2023-32096

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

52.3%

JSON

Compiler removal of buffer clearing in

sli_crypto_transparent_aead_encrypt_tag

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

References

community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1

github.com/SiliconLabs/gecko_sdk

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

52.3%

JSON

Related for OSV:CVE-2023-32096