CVE-2023-2683

Summary

A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.

Affected Software

VendorProductVersion RangeStatus
silabs.comBluetooth SDK5.0.0 <= v5.1.1affected

Weaknesses

  • CWE-401: CWE-401 Missing Release of Memory after Effective Lifetime

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References