Incorrect buffer parsing in Bluetooth LE sample code may lead to buffer overflow
CVE-2023-6387

7.5HIGH

Key Information:

Vendor: Silabs.com
Status: Gsdk
Vendor: CVE Published:; 2 February 2024

What is CVE-2023-6387?

The vulnerability presents a potential buffer overflow in the Bluetooth LE HCI CPC sample application, part of the Gecko SDK provided by Silicon Labs. This flaw can be exploited to cause a denial of service or enable remote code execution, exposing devices using this SDK to significant security risks. Users of the affected versions should take immediate steps to mitigate potential threats by applying available patches or updates.

Affected Version(s)

GSDK 1.0

References

https://github.com/SiliconLabs/gecko_sdk/releases/tag/v4.4.0

https://community.silabs.com/069Vm000000WNKuIAO

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2024
Vulnerability Reserved
Nov 29, 2023

Silabs.com

What is CVE-2023-6387?

Affected Version(s)

References

CVSS V3.1

Timeline