CRITICAL🇵🇱 Wersja polska

CVE-2023-4041

CVSS 9.8v3.1pub. 2023-08-23upd. 2024-11-21

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Silabs Gecko Bootloader

    APP
    Silabs
    < 4.2.44.3.0 – 4.3.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassMemory
CWE
References

Related vulnerabilities

CVE-2023-3487HIGH7.7ten sam produkt

An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access ...

CVE-2022-24936HIGH8.3ten sam produkt

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker t...

CVE-2023-45318CRITICAL10.0PL ✓ten sam vendor

Heap-based buffer overflow w serwerze HTTP biblioteki uC-HTTP — RCE

CVE-2023-4280CRITICAL9.3PL ✓ten sam vendor

Silabs Gecko SDK: dostęp do pamięci TrustZone z niezaufanego regionu

CVE-2023-4020CRITICAL9.0PL ✓ten sam vendor

Błąd walidacji wejścia w TrustZone SDK Silicon Labs — dostęp do pamięci bezpiecznej