CVE-2023-4041

Summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.

Affected Software

VendorProductVersion RangeStatus
Silicon LabsGecko Bootloader0 < 4.3.1affected
Silicon LabsGecko Bootloader0 < 4.2.4affected
Silicon LabsGecko Bootloader4.3.2unaffected
Silicon LabsGecko Bootloader4.2.4unaffected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • CWE-787: CWE-787 Out-of-bounds Write
  • CWE-913: CWE-913 Improper Control of Dynamically-Managed Code Resources

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References