CVE-2023-6387 HIGH

CVE-2023-6387: Incorrect buffer parsing in Bluetooth LE sample code may lead to buffer overflow

Vendor Silabs.com

Product GSDK

Weakness CWE-787

Published February 2, 2024

Last update May 15, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Adjacent

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution

Key dates

02Disclosure timeline

February 2, 2024 CVE published

May 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6387 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

04Related CVE

CVE-2018-25228 NetSetMan 4.7.1 Workgroup Buffer Overflow Denial of Service CVE-2020-17528 Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length CVE-2019-25689 HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH CVE-2024-39816 Arkcompiler Ets Runtime has an out-of-bounds write vulnerability CVE-2024-13046 Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability