Lucene search

SilabsCVELIST:CVE-2023-3110

HistoryJun 21, 2023 - 7:44 p.m.

CVE-2023-3110 Buffer overflow in S0 Decryption on Unify Gateway

2023-06-2119:44:00

CWE-787

CWE-125

Silabs

www.cve.org

silabs unify gateway

buffer overflow

arbitrary code execution

z-wave range

CVSS3

9.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

23.1%

JSON

Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Unify Gateway",
    "vendor": "Silicon Labs",
    "versions": [
      {
        "status": "unaffected",
        "version": "1.3.2"
      }
    ]
  }
]

References

siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1

CVSS3

9.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

23.1%

JSON

Related for CVELIST:CVE-2023-3110