CVE-2023-51395

Summary

The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
Silicon LabsZ-Wave SDK7.20.0unaffected
Silicon LabsZ-Wave SDK7.19.3unaffected
Silicon LabsZ-Wave SDK7.18.8unaffected
Silicon LabsZ-Wave SDK7.17.5unaffected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write
  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References