CVE-2024-8361

Summary

In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart after watch dog expires. If watchdog is not implemented, device can be recovered only after a hard reset

Affected Software

VendorProductVersion RangeStatus
silabs.comWiSeConnect SDK0 <= 3.3.4affected

Weaknesses

  • CWE-131: CWE-131 Incorrect Calculation of Buffer Size
  • CWE-617: CWE-617 Reachable Assertion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References