VYPR
Medium severity (4.3) · NVD Advisory · Published Jan 13, 2025 · Updated Apr 15, 2026

CVE-2024-6352

Description

A malformed APS packet in the Ember ZNet stack causes a buffer overflow, leading to an assert and potential denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Overview

CVE-2024-6352 is a buffer overflow vulnerability in the APS (Application Support Sublayer) of Silicon Labs' Ember ZNet Zigbee stack. A malformed APS packet triggers a buffer overflow when parsed, which causes an assert in the stack firmware. The issue is considered medium severity (CVSS 4.3) and is resolved in the Zigbee EmberZNet SDK component of Simplicity SDK version 2024.6.3 and later [1].

Exploitation

An attacker on the same Zigbee network can send a specially crafted APS frame to a device running an affected version of the Ember ZNet stack. No authentication is required beyond network-layer access, as the vulnerability occurs during packet parsing before security validation [1]. The attack can be performed over-the-air within radio range of the target device.

Impact

Successful exploitation forces an assertion failure in the APS layer, crashing the stack and causing a denial of service. The device becomes unresponsive until it is reset. There is no evidence of code execution, but an attacker could repeatedly trigger the assert to maintain the denial-of-service condition on the target device.

Mitigation

The vulnerability is fixed in Simplicity SDK v2024.6.3 and all subsequent releases. Users are advised to update their firmware to the latest version [1]. No workarounds have been published, but network segmentation and limiting radio exposure may reduce attack surface.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
