Arbitrary Code Execution Vulnerability in Silicon Labs Gecko OS
CVE-2024-23973

8.8 HIGH

Key Information:

Status
Vendor
CVE Published: 31 January 2025

What is CVE-2024-23973?

A vulnerability in Silicon Labs Gecko OS allows network-adjacent attackers to compromise the system by sending specially crafted HTTP GET requests. The flaw stems from improper validation of the length of user-supplied data, which can cause a stack-based buffer overflow. If exploited, this allows attackers to run arbitrary code in the context of the affected device, potentially compromising its functionality and security. No authentication is required, which heightens the risk for systems relying on this software.

Affected Version(s)

Gecko OS all versions

References

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published