VYPR
Unrated severity · NVD Advisory · Published Nov 14, 2022 · Updated Apr 30, 2025

Malformed Zigbee packet causes Assert in EmberZNet 7.0.0 or earlier

CVE-2022-24937

Description

A buffer overflow vulnerability in the Silicon Labs Ember ZNet stack within the Gecko SDK can be triggered by attackers, potentially leading to code execution or denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A buffer overflow vulnerability exists in the Silicon Labs Ember ZNet stack, which is part of the Gecko SDK (GSDK) [1]. The issue is classified as an Improper Restriction of Operations within the Bounds of a Memory Buffer, allowing overflow of buffers. The specific affected versions are not disclosed in the available references.

Exploitation

The exact exploitation steps are not publicly detailed. However, as a buffer overflow, an attacker would likely need to send a specially crafted network packet or input to a device running the vulnerable Ember ZNet stack. The attacker may require network access to the target device.

Impact

Successful exploitation of this buffer overflow could allow an attacker to corrupt memory, potentially leading to arbitrary code execution or denial of service. The impact depends on the context of the affected device.

Mitigation

No specific fix version has been published in the available references. Users should update to the latest version of the Gecko SDK from the official repository [1] and apply any security patches released by Silicon Labs. Monitor the vendor's security advisories for further information.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
