Malformed Zigbee packet causes Assert in EmberZNet 7.0.0 or earlier
CVE-2022-24937

6.5MEDIUM

Key Information:

Vendor: Silicon Labs
Status: Ember Znet
Vendor: CVE Published:; 14 November 2022

🔔 Create Silicon Labs Vulnerability Alert

What is CVE-2022-24937?

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers.

Affected Version(s)

Ember ZNet 1.0.0 <= 7.0.0

References

https://siliconlabs.lightning.force.com/sfc/servlet.sheph...

https://github.com/SiliconLabs/gecko_sdk

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2022
Vulnerability Reserved
Feb 10, 2022

.