Buffer Overflow in Wi-Fi Commissioning MicriumOS Example from Silicon Labs
CVE-2023-2686

9.8CRITICAL

Key Information:

Vendor: Silabs.com
Status: Gecko Platform
Vendor: CVE Published:; 15 June 2023

What is CVE-2023-2686?

A buffer overflow vulnerability exists in the Wi-Fi Commissioning MicriumOS example within the Silicon Labs Gecko SDK, allowing an attacker with access to the connected device to overwrite the stack with malicious payloads. This could potentially lead to code execution or system instability. It is crucial for users to upgrade to the latest version of the Gecko SDK to mitigate this risk.

Affected Version(s)

Gecko Platform 0 <= 4.2.3

References

https://github.com/SiliconLabs/gecko_sdk/releases

patch

https://community.silabs.com/sfc/servlet.shepherd/documen...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2023
Vulnerability Reserved
May 12, 2023

Silabs.com

What is CVE-2023-2686?

Affected Version(s)

References

CVSS V3.1

Timeline