NULL Pointer Dereference Vulnerability in Ember ZNet SDK Could Cause System Crash
CVE-2023-51394

7.5HIGH

Key Information:

Vendor

Silabs.com

Status
Ember Znet Sdk
Vendor
CVE Published:
23 February 2024

What is CVE-2023-51394?

The vulnerability affects the Silicon Labs Ember ZNet SDK versions prior to v7.4.0, allowing for a NULL Pointer Dereference in high traffic environments. This issue can lead to significant disruptions, potentially causing system crashes that could impact overall performance and reliability of applications utilizing this SDK. Immediate action is recommended for users relying on affected versions to mitigate operational risks.

Affected Version(s)

Ember ZNet SDK 32 bit 0 < 7.4.0

References

https://community.silabs.com/068Vm000001NL4u

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.