Ember ZNet stack

CVEs (10)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-6352	Silabs.com Ember ZNet stack	Med	0.28	4.3	0.00	Jan 13, 2025	A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert
CVE-2023-51393	Silabs.com Ember ZNet stack		0.00	—	0.00	Feb 23, 2024	Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the…
CVE-2023-51394	Silabs.com Ember ZNet stack		0.00	—	0.00	Feb 23, 2024	High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash.
CVE-2023-51392	Silabs.com Ember ZNet stack		0.00	—	0.00	Feb 23, 2024	Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.
CVE-2023-6874	Silabs.com Ember ZNet stack		0.00	—	0.00	Feb 5, 2024	Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number
CVE-2023-41096	Silabs.com Ember ZNet stack		0.00	—	0.00	Oct 26, 2023	Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.
CVE-2023-41094	Silabs.com Ember ZNet stack		0.00	—	0.00	Oct 4, 2023	TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet…
CVE-2022-24939	Silabs.com Ember ZNet stack		0.00	—	0.00	Nov 17, 2022	A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
CVE-2022-24938	Silabs.com Ember ZNet stack		0.00	—	0.01	Nov 14, 2022	A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
CVE-2022-24937	Silabs.com Ember ZNet stack		0.00	—	0.01	Nov 14, 2022	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers.

CVE-2024-6352MedJan 13, 2025
Silabs.com
Ember ZNet stack
risk 0.28cvss 4.3epss 0.00
A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert
CVE-2023-51393Feb 23, 2024
Silabs.com
Ember ZNet stack
risk 0.00cvss —epss 0.00
Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the…
CVE-2023-51394Feb 23, 2024
Silabs.com
Ember ZNet stack
risk 0.00cvss —epss 0.00
High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash.
CVE-2023-51392Feb 23, 2024
Silabs.com
Ember ZNet stack
risk 0.00cvss —epss 0.00
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks.
CVE-2023-6874Feb 5, 2024
Silabs.com
Ember ZNet stack
risk 0.00cvss —epss 0.00
Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number
CVE-2023-41096Oct 26, 2023
Silabs.com
Ember ZNet stack
risk 0.00cvss —epss 0.00
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.
CVE-2023-41094Oct 4, 2023
Silabs.com
Ember ZNet stack
risk 0.00cvss —epss 0.00
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet…
CVE-2022-24939Nov 17, 2022
Silabs.com
Ember ZNet stack
risk 0.00cvss —epss 0.00
A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
CVE-2022-24938Nov 14, 2022
Silabs.com
Ember ZNet stack
risk 0.00cvss —epss 0.01
A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
CVE-2022-24937Nov 14, 2022
Silabs.com
Ember ZNet stack
risk 0.00cvss —epss 0.01
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers.