VYPR

Gecko SDK

by Silabs.com

CVEs (9)

  • CVE-2024-3043 | High | Jun 27, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (PAN ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification.

  • CVE-2024-4013 | Medium | Jun 6, 2024
    risk 0.36 | cvss 5.6 | epss 0.00

    A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity…

  • CVE-2024-22473 | Feb 21, 2024
    risk 0.00 | cvss | epss 0.00

    The TRNG is used before initialization by the ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation. This issue affects Gecko SDK through v4.4.0.

  • CVE-2024-0240 | Feb 15, 2024
    risk 0.00 | cvss | epss 0.00

    A memory leak in the Silicon Labs Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients. This causes all Bluetooth operations, such as advertising and scanning, to stop.

  • CVE-2023-6387 | Feb 2, 2024
    risk 0.00 | cvss | epss 0.01

    A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK, which may result in a denial of service or remote code execution.

  • CVE-2023-4280 | Jan 2, 2024
    risk 0.00 | cvss | epss 0.00

    An unvalidated input in the Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.

  • CVE-2023-4020 | Dec 15, 2023
    risk 0.00 | cvss | epss 0.01

    An unvalidated input in a library function responsible for communicating between secure and non-secure memory in the Silicon Labs TrustZone implementation allows reading and writing of memory in the secure region from the non-secure region.

  • CVE-2023-2686 | Jun 15, 2023
    risk 0.00 | cvss | epss 0.01

    A buffer overflow in the Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows a connected device to write a payload onto the stack.

  • CVE-2023-2687 | Jun 2, 2023
    risk 0.00 | cvss | epss 0.00

    A buffer overflow in the Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows a user to overwrite limited structures on the heap.