CVE-2023-4041
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Silicon Labs | Gecko Bootloader | 0 < 4.3.1 | affected |
| Silicon Labs | Gecko Bootloader | 0 < 4.2.4 | affected |
| Silicon Labs | Gecko Bootloader | 4.3.2 | unaffected |
| Silicon Labs | Gecko Bootloader | 4.2.4 | unaffected |
Weaknesses
- CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-787: CWE-787 Out-of-bounds Write
- CWE-913: CWE-913 Improper Control of Dynamically-Managed Code Resources
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.