GHSA-hg6g-xj6v-pfg7

Опубликовано: 18 мая 2023

Источник: github

Github: Не прошло ревью

CVSS3: 3.1

Описание

Compiler removal of buffer clearing in

sli_crypto_transparent_aead_encrypt_tag

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

Compiler removal of buffer clearing in

sli_crypto_transparent_aead_encrypt_tag

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2023-32096
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1
https://github.com/SiliconLabs/gecko_sdk

EPSS

Процентиль: 24%

0.00082

Низкий

3.1 Low

CVSS3

CVE ID

CVE-2023-32096

Дефекты

CWE-14

Связанные уязвимости

CVE-2023-32096

CVSS3: 3.1

nvd

больше 2 лет назад

Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

EPSS

Процентиль: 24%

0.00082

Низкий

3.1 Low

CVSS3

CVE ID

CVE-2023-32096

Дефекты

CWE-14