Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4041

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.

Published

2023-08-23T05:15:47.990

Last Modified

2024-11-21T08:34:16.910

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-120
CWE-787
CWE-913
Type: Primary
CWE-120
CWE-494
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	silabs	gecko_bootloader	< 4.2.4	Yes
Application	silabs	gecko_bootloader	< 4.3.2	Yes

References

https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1 Permissions Required ([email protected])
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)