Denial of Service Flaw in SiWx91x Devices by Silicon Labs
CVE-2024-8361

7.5HIGH

Key Information:

Vendor: Silabs.com
Status: Wiseconnect Sdk
Vendor: CVE Published:; 7 January 2025

What is CVE-2024-8361?

A vulnerability in SiWx91x devices involves the SHA2/224 hashing algorithm returning a 256-bit hash instead of the expected 224-bit. This discrepancy leads to a software assertion failure, resulting in a Denial of Service (DoS). If a watchdog timer is in place, the device can restart automatically once the timer expires. However, in scenarios lacking a watchdog, recovery necessitates a hard reset, impacting device availability and functionality.

Affected Version(s)

WiSeConnect SDK 0 <= 3.3.4

References

https://community.silabs.com/068Vm00000I7zqo

vendor-advisorypermissions-required

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 7, 2025

JSON

Silabs.com

What is CVE-2024-8361?

Affected Version(s)

References

CVSS V3.1

Timeline