CVE-2023-32098

SiliconLabs/gecko_sdk

on github

Published

May 18, 2023

Severity

CVSS v3:

7.5 HIGH

CVSS v2:

N/A

Description

Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.

References

https://github.com/SiliconLabs/gecko_sdk
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U19lGQAR?operationContext=S1

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:silabs:gecko_software_development_kit::::::::	n/a	4.2.1 (including)	*

External Links

NVD - CVE-2023-32098