Buffer Overflow in Wi-Fi Commissioning MicriumOS Example from Silicon Labs
CVE-2023-2686

9.8CRITICAL

Key Information:

Vendor: Silabs.com
Status: Gecko Platform
Vendor: CVE Published:; 15 June 2023

Summary

A buffer overflow vulnerability exists in the Wi-Fi Commissioning MicriumOS example within the Silicon Labs Gecko SDK, allowing an attacker with access to the connected device to overwrite the stack with malicious payloads. This could potentially lead to code execution or system instability. It is crucial for users to upgrade to the latest version of the Gecko SDK to mitigate this risk.

Affected Version(s)

Gecko Platform 0 <= 4.2.3

References

https://github.com/SiliconLabs/gecko_sdk/releases

patch

https://community.silabs.com/sfc/servlet.shepherd/documen...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2023
Vulnerability Reserved
May 12, 2023