CVE-2023-6387

A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://community.silabs.com/069Vm000000WNKuIAO	Permissions Required
https://github.com/SiliconLabs/gecko_sdk/releases/tag/v4.4.0	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*

History

10 Feb 2024, 04:10

Type	Values Removed	Values Added
References	~~() https://community.silabs.com/069Vm000000WNKuIAO -~~	() https://community.silabs.com/069Vm000000WNKuIAO - Permissions Required
References	~~() https://github.com/SiliconLabs/gecko_sdk/releases/tag/v4.4.0 -~~	() https://github.com/SiliconLabs/gecko_sdk/releases/tag/v4.4.0 - Release Notes
CPE		cpe:2.3:a:silabs:gecko_software_development_kit::::::::
First Time		Silabs gecko Software Development Kit Silabs
Summary		(es) Existe un posible desbordamiento del búfer en la aplicación de muestra Bluetooth LE HCI CPC en el SDK de Gecko, lo que puede provocar una denegación de servicio o la ejecución remota de código.

02 Feb 2024, 16:30

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-02 16:15

Updated : 2024-02-10 04:10

NVD link : CVE-2023-6387

Mitre link : CVE-2023-6387

CVE.ORG link : CVE-2023-6387

JSON object : View

Products Affected

silabs

gecko_software_development_kit

CWE

CWE-131

Incorrect Calculation of Buffer Size

{"id": "CVE-2023-6387", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}, {"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2024-02-02T16:15:53.337", "references": [{"url": "https://community.silabs.com/069Vm000000WNKuIAO", "tags": ["Permissions Required"], "source": "product-security@silabs.com"}, {"url": "https://github.com/SiliconLabs/gecko_sdk/releases/tag/v4.4.0", "tags": ["Release Notes"], "source": "product-security@silabs.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-131"}]}, {"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-131"}]}], "descriptions": [{"lang": "en", "value": "A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution"}, {"lang": "es", "value": "Existe un posible desbordamiento del b\u00fafer en la aplicaci\u00f3n de muestra Bluetooth LE HCI CPC en el SDK de Gecko, lo que puede provocar una denegaci\u00f3n de servicio o la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2024-02-10T04:10:48.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "622923FE-6895-4AC7-B0D5-CA7A7764E91B", "versionEndExcluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@silabs.com"}