CVE-2023-4041 CRITICAL

CVE-2023-4041: Second Stage Gecko Bootloader GBL Parser Buffer Overrun Vulnerability

Vendor Silicon Labs
Product Gecko Bootloader
Weakness CWE-120
Published August 23, 2023
Last update October 3, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass. This issue affects "Standalone" and "Application" versions of Gecko Bootloader.

Key dates

Disclosure timeline

August 23, 2023 CVE published
October 3, 2024 Record updated