CVE-2023-2683

Published: Jun 15, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.

Affected (1)

Products: Silabs: Bluetooth Low Energy Software Development Kit

Silabs

1 product

Bluetooth Low Energy Software Development Kit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Silabs Bluetooth Low Energy Software Development Kit	From 5.0.0 to 5.1.1

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (4)

https://github.com/SiliconLabs

Source: product-security@silabs.com

Not Applicable

https://https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000U2U1QQAV?operationContext=S1

Source: product-security@silabs.com

Broken Link

https://github.com/SiliconLabs

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000U2U1QQAV?operationContext=S1

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.