CVE-2023-3488
LOWSilicon Labs Gecko SDK < 4.3.0 - Uninitialized Buffer Data Leak via GBL Parser
Title source: llmDescription
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.
References (2)
Core 2
Core References
Release Notes patch
https://github.com/SiliconLabs/gecko_sdk/releases
Permissions Required vendor-advisory
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Wi3HwQAJ?operationContext=S1
Scores
CVSS v3
3.8
EPSS
0.0025
EPSS Percentile
15.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-908
Status
published
Products (1)
silabs/gecko_software_development_kit
< 4.3.0
Published
Jul 28, 2023
Tracked Since
Feb 18, 2026