CVE-2023-51393 Vulnerability Details

  /     /     /  

CVE-2023-51393 Metadata Quick Info

CVE Published: 23/02/2024 | CVE Updated: 25/09/2024 | CVE Year: 2023
Source: Silabs | Vendor: silabs.com | Product: Ember ZNet SDK
Status : PUBLISHED

---

CVE-2023-51393 Description

Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network.

Metrics

CVSS Version: 3.1 | Base Score: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-770
CWE Name: CWE-770 Allocation of Resources Without Limits or Throttling
Source: silabs.com

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-595
CAPEC Description: CAPEC-595 Connection Reset


Source: NVD (National Vulnerability Database).