CVE-2024-23973

Опубликовано: 31 янв. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.

Ссылки

https://community.silabs.com/a45Vm0000000Atp
Permissions Required
https://www.zerodayinitiative.com/advisories/ZDI-24-873/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:silabs:gecko_os:*:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00206

Низкий

8.8 High

CVSS3

Дефекты

CWE-120

Связанные уязвимости

GHSA-fqm6-c2wr-r94m

CVSS3: 8.8

github

около 1 года назад

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.

EPSS

Процентиль: 43%

0.00206

Низкий

8.8 High

CVSS3

Дефекты

CWE-120