CVE-2024-6351
Description
A malformed packet can trigger a buffer overflow in the NWK/APS layer of Silicon Labs' Ember ZNet stack, causing a crash via an assert.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A malformed packet can trigger a buffer overflow in the NWK/APS layer of Silicon Labs' Ember ZNet stack, causing a crash via an assert.
CVE-2024-6351 describes a vulnerability in the NWK/APS layer of Silicon Labs' Ember ZNet stack. The root cause is a buffer overflow triggered by a malformed packet, which can lead to an assertion failure and stack crash. This flaw exists within the Zigbee EmberZNet SDK component of the Simplicity SDK [1].
The attack vector is network-based, requiring the ability to send a specially crafted packet to a device using the vulnerable stack. No authentication is mentioned as a prerequisite, implying an unauthenticated attacker in radio range could exploit it. The malformed packet targets the NWK/APS layers responsible for network and application-level routing [1].
A successful exploit causes an assert, halting the target device. This leads to a denial-of-service (DoS) condition, where the device becomes unresponsive until reset. The CVSS v3 base score of 4.3 reflects a medium severity DoS impact with low attack complexity and no privileges required [1].
The vulnerability is fixed in Simplicity SDK version 2024.6.3, released as part of the Zigbee EmberZNet SDK 8.0.3.0. Users are advised to update to this version or later to mitigate the risk [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.