CVE-2022-24936

Опубликовано: 02 нояб. 2022

Источник: nvd

CVSS3: 8.3

CVSS3: 9.1

EPSS Низкий

Описание

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.

Ссылки

https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1
Permissions Required
Vendor Advisory
https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c
Exploit
Third Party Advisory
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Gdop4QAB?operationContext=S1
Permissions Required
Vendor Advisory
https://github.com/SiliconLabs/gecko_sdk/blame/2e82050dc8823c9fe0e8908c1b2666fb83056230/platform/bootloader/core/btl_bootload.c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*

Версия до 4.0.1 (включая)

EPSS

Процентиль: 63%

0.00446

Низкий

8.3 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-119

CWE-787

Связанные уязвимости

GHSA-v3qm-xpj7-89x6

CVSS3: 9.1

github

больше 3 лет назад

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.

EPSS

Процентиль: 63%

0.00446

Низкий

8.3 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-119

CWE-787