cvebase.

Silicon Labs Gecko OS vulnerabilities

6 known vulnerabilities affecting silicon_labs/gecko_os.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2025-2837 | P2 | HIGH | CVSS 8.8 | v1.0.46 | 2025-03-26
[HIGH] CWE-121: Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP
Source: nvd

CVE-2024-23938 | P2 | HIGH | CVSS 8.8 | v1.0.46 | 2024-09-28
[HIGH] CWE-121: Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The
Source: nvd

CVE-2024-23973 | P3 | HIGH | CVSS 8.8 | all versions | 2025-01-31
[HIGH] CWE-120: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data pri
Source: nvd

CVE-2024-24731 | P3 | HIGH | CVSS 8.8 | all versions | 2025-01-31
[HIGH] CWE-120: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-sup
Source: nvd

CVE-2025-2838 | P4 | MEDIUM | CVSS 6.5 | v1.0.46 | 2025-03-26
[MEDIUM] CWE-835: Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DN
Source: nvd

CVE-2024-23937 | P4 | MEDIUM | CVSS 4.3 | all versions | 2025-01-31
[MEDIUM] CWE-200: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper validation of a user-supplied string before using it a
Source: nvd