HIGH🇵🇱 Wersja polska

CVE-2022-24936

CVSS 8.3v3.1pub. 2022-11-02upd. 2024-11-21

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
  • Silabs Gecko Bootloader

    APP
    Silabs
    ≤ 4.0.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2023-4041CRITICAL9.8ten sam produkt

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code ...

CVE-2023-3487HIGH7.7ten sam produkt

An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access ...

CVE-2023-45318CRITICAL10.0PL ✓ten sam vendor

Heap-based buffer overflow w serwerze HTTP biblioteki uC-HTTP — RCE

CVE-2023-4280CRITICAL9.3PL ✓ten sam vendor

Silabs Gecko SDK: dostęp do pamięci TrustZone z niezaufanego regionu

CVE-2023-4020CRITICAL9.0PL ✓ten sam vendor

Błąd walidacji wejścia w TrustZone SDK Silicon Labs — dostęp do pamięci bezpiecznej