CVE-2023-4041

CRITICAL

Silicon Labs Gecko Bootloader - Classic Buffer Overflow

Title source: llm

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.

References (1)

[Permissions Required] https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1

Scores

CVSS v3 9.8

EPSS 0.0003

EPSS Percentile 10.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-494 CWE-913 CWE-120 CWE-787

Status published

Products (1)

silabs/gecko_bootloader < 4.2.4

Published Aug 23, 2023

Tracked Since Feb 18, 2026