{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3017", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2024-03-27T15:31:21.891Z", "datePublished": "2024-06-27T18:35:26.344Z", "dateUpdated": "2024-08-01T19:32:42.527Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "SiSDK", "vendor": "silabs.com", "versions": [{"lessThan": "2024.06.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In a \n\n<span style=\"background-color: rgb(255, 255, 255);\">Silicon Labs&nbsp;&nbsp;</span>multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router(OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service.&nbsp;"}], "value": "In a \n\nSilicon Labs\u00a0\u00a0multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router(OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service."}], "impacts": [{"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-06-27T18:35:26.344Z"}, "references": [{"tags": ["product"], "url": "https://github.com/SiliconLabs/simplicity_sdk"}, {"tags": ["vendor-advisory", "permissions-required"], "url": "https://community.silabs.com/069Vm000007UEhZIAW"}], "source": {"discovery": "UNKNOWN"}, "title": "Denial of service in multi-protocol gateway - Zigbee + Thread", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "silabs", "product": "sisdk", "cpes": ["cpe:2.3:a:silabs:sisdk:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "0", "status": "affected", "lessThan": "2024.06.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-03T19:31:21.582199Z", "id": "CVE-2024-3017", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T14:49:48.889Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.527Z"}, "title": "CVE Program Container", "references": [{"tags": ["product", "x_transferred"], "url": "https://github.com/SiliconLabs/simplicity_sdk"}, {"tags": ["vendor-advisory", "permissions-required", "x_transferred"], "url": "https://community.silabs.com/069Vm000007UEhZIAW"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/SiliconLabs/simplicity_sdk", "tags": ["product", "x_transferred"]}, {"url": "https://community.silabs.com/069Vm000007UEhZIAW", "tags": ["vendor-advisory", "permissions-required", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.527Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-03T19:31:21.582199Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:silabs:sisdk:*:*:*:*:*:*:*:*"], "vendor": "silabs", "product": "sisdk", "versions": [{"status": "affected", "version": "0", "lessThan": "2024.06.0", "versionType": "semver"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T19:44:33.523Z"}}], "cna": {"title": "Denial of service in multi-protocol gateway - Zigbee + Thread", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "silabs.com", "product": "SiSDK", "versions": [{"status": "affected", "version": "0", "lessThan": "2024.06.0", "versionType": "semver"}], "defaultStatus": "affected"}], "references": [{"url": "https://github.com/SiliconLabs/simplicity_sdk", "tags": ["product"]}, {"url": "https://community.silabs.com/069Vm000007UEhZIAW", "tags": ["vendor-advisory", "permissions-required"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In a \n\nSilicon Labs\u00a0\u00a0multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router(OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service.", "supportingMedia": [{"type": "text/html", "value": "In a \n\n<span style=\"background-color: rgb(255, 255, 255);\">Silicon Labs&nbsp;&nbsp;</span>multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router(OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service.&nbsp;", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2024-06-27T18:35:26.344Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3017", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:32:42.527Z", "dateReserved": "2024-03-27T15:31:21.891Z", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "datePublished": "2024-06-27T18:35:26.344Z", "assignerShortName": "Silabs"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In a \n\nSilicon Labs\u00a0\u00a0multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router(OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service."}, {"lang": "es", "value": "En una puerta de enlace multiprotocolo de Silicon Labs, un puntero corrupto a datos almacenados en un b\u00fafer en un coprocesador de radio multiprotocolo (RCP) hace que la tarea de la aplicaci\u00f3n OpenThread Border Router (OTBR) que se ejecuta en la plataforma host falle, lo que permite que un atacante cause una denegaci\u00f3n temporal de servicio."}], "id": "CVE-2024-3017", "lastModified": "2024-11-21T09:28:41.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "product-security@silabs.com", "type": "Secondary"}]}, "published": "2024-06-27T19:15:14.483", "references": [{"source": "product-security@silabs.com", "url": "https://community.silabs.com/069Vm000007UEhZIAW"}, {"source": "product-security@silabs.com", "url": "https://github.com/SiliconLabs/simplicity_sdk"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://community.silabs.com/069Vm000007UEhZIAW"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/SiliconLabs/simplicity_sdk"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "product-security@silabs.com", "type": "Secondary"}]}

{}