Buffer Overflow Vulnerability in Gecko SDK by Silicon Labs
CVE-2023-2687

2.9LOW

Key Information:

Vendor: Silabs.com
Status: Gecko Sdk
Vendor: CVE Published:; 2 June 2023

What is CVE-2023-2687?

A buffer overflow vulnerability exists in the Platform CLI component of the Gecko SDK provided by Silicon Labs. This flaw permits a user to overwrite limited structures on the heap, which could lead to unexpected behavior or potential exploitation. Users of Gecko SDK versions 4.2.1 and earlier are advised to evaluate their exposure to this vulnerability and apply the necessary patches to secure their systems.

Affected Version(s)

Gecko SDK 0 <= 4.2.1

References

https://github.com/SiliconLabs/gecko_sdk/releases

patch

https://community.silabs.com/sfc/servlet.shepherd/documen...

vendor-advisory

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2023
Vulnerability Reserved
May 12, 2023

Silabs.com

What is CVE-2023-2687?

Affected Version(s)

References

CVSS V3.1

Timeline