Silicon Labs Simplicity SDK Buffer Overflow Vulnerability in Packet Handoff Plugin

Vulnerability

A buffer overflow vulnerability has been identified in the packet handoff plugin of Silicon Labs' Simplicity SDK. This vulnerability allows an attacker to overwrite memory outside the plugin's designated buffer, potentially leading to arbitrary code execution or other malicious outcomes. The issue is present in several components of the Simplicity SDK, including the Bluetooth SDK, Bluetooth Mesh SDK, Gecko Platform, OpenThread SDK, Proprietary Flex SDK, USB Device Stack, Wi-SUN SDK, Z-Wave and Z-Wave Long Range 800 SDK, and Zigbee EmberZNet SDK.

Impact

Exploitation of this vulnerability allows for memory corruption through buffer overflow, which could be leveraged to execute arbitrary code or cause a denial-of-service condition by crashing the application.

Remediation

Users can upgrade to the latest version of the Simplicity SDK, which includes the patched version of the packet handoff plugin. The latest version can be downloaded from the Silicon Labs GitHub repository.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.