Malformed Zigbee packet causes Assert in EmberZNet 7.0.1 or earlier
CVE-2022-24938

6.5MEDIUM

Key Information:

Vendor

Silabs.com

Status
Ember Znet
Vendor
CVE Published:
14 November 2022

What is CVE-2022-24938?

A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.

Affected Version(s)

Ember ZNet 1.0.0 <= 7.0.1

References

https://siliconlabs.lightning.force.com/sfc/servlet.sheph...
vendor-advisory
https://github.com/SiliconLabs/gecko_sdk
patch

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.