本ページは silabs emberznet に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-51394 | High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash. | [email protected] | 5.3 | 0.05% | 2024-02-23 | 2025-02-12 |
| CVE-2023-51393 | Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network. | [email protected] | 5.3 | 0.05% | 2024-02-23 | 2025-02-12 |
| CVE-2023-51392 | Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks. | [email protected] | 6.2 | 0.03% | 2024-02-23 | 2025-02-12 |
| CVE-2023-41094 | TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected | [email protected] | 10.0 | 0.08% | 2023-10-04 | 2024-11-21 |
| CVE-2022-24938 | A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. | [email protected] | 6.5 | 0.51% | 2022-11-14 | 2024-11-21 |
| CVE-2022-24937 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. | [email protected] | 6.5 | 0.61% | 2022-11-14 | 2024-11-21 |