Lucene search

SilabsVULNRICHMENT:CVE-2023-51391

HistoryApr 16, 2024 - 7:19 p.m.

CVE-2023-51391 Micrium OS Network uC-HTTP server header parsing invalid pointer dereference vulnerability

2024-04-1619:19:26

CWE-476

CWE-125

Silabs

github.com

micrium os

network

http server

pointer dereference

vulnerability

device crash

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*"
    ],
    "vendor": "silabs",
    "product": "gecko_software_development_kit",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.4.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

community.silabs.com/068Vm000004688g

www.talosintelligence.com/vulnerability_reports/TALOS-2024-1945

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-51391