Malformed Zigbee packet causes Assert in EmberZNet 7.0.0 or earlier
CVE-2022-24937

6.5MEDIUM

Key Information:

Vendor

Silicon Labs

Status
Ember Znet
Vendor
CVE Published:
14 November 2022

What is CVE-2022-24937?

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers.

Affected Version(s)

Ember ZNet 1.0.0 <= 7.0.0

References

https://siliconlabs.lightning.force.com/sfc/servlet.sheph...
https://github.com/SiliconLabs/gecko_sdk

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-24937 : Malformed Zigbee packet causes Assert in EmberZNet 7.0.0 or earlier