Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:HSilabs Gecko Bootloader
APPSilabs≤ 4.0.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
Related vulnerabilities
CVE-2023-4041CRITICAL9.8ten sam produkt
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code ...
CVE-2023-3487HIGH7.7ten sam produkt
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access ...
CVE-2023-45318CRITICAL10.0PL ✓ten sam vendor
Heap-based buffer overflow w serwerze HTTP biblioteki uC-HTTP — RCE
CVE-2023-4280CRITICAL9.3PL ✓ten sam vendor
Silabs Gecko SDK: dostęp do pamięci TrustZone z niezaufanego regionu
CVE-2023-4020CRITICAL9.0PL ✓ten sam vendor
Błąd walidacji wejścia w TrustZone SDK Silicon Labs — dostęp do pamięci bezpiecznej