Silicon Labs Gecko OS Stack-Based Buffer Overflow Vulnerability in http_download Command Allowing Remote Code Execution

Vulnerability

A stack-based buffer overflow has been identified in Silicon Labs Gecko OS, specifically in the handling of the http_download command. The flaw allows network-adjacent attackers to execute arbitrary code on the affected device. It stems from inadequate validation of the length of user-supplied data before that data is copied into a fixed-size stack buffer, so an oversized input overruns the buffer and opens the way to code execution in the context of the device. Notably, no authentication is required to exploit this vulnerability.
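To make the described defect concrete, the following is an added illustration and not Gecko OS code: a hypothetical command handler that copies a caller-supplied argument into a fixed stack buffer without comparing its length against the buffer, beside a corrected version that rejects anything that does not fit. The buffer size, the frame layout, the error codes and the function names are all assumptions; the test harness stays inside its own object so the overwrite is observable without undefined behaviour.

```c
#include <stddef.h>
#include <string.h>

#define URL_BUF_LEN 32   /* assumed size of the handler's stack buffer */
enum { CMD_OK = 0, CMD_ERR_TOO_LONG = -1 };

/* Stand-in for the stack frame: saved_ctx models whatever sits above url[]
 * on a real stack (saved registers, return address). Layout is assumed. */
struct frame {
    char url[URL_BUF_LEN];
    unsigned int saved_ctx;
};

/* "Before": the caller-supplied length is trusted and copied blindly. The copy
 * goes through the frame's byte representation so clobbering is well-defined. */
static int http_download_unsafe(struct frame *f, const char *arg, size_t arg_len)
{
    unsigned char *raw = (unsigned char *)f + offsetof(struct frame, url);
    for (size_t i = 0; i < arg_len; i++)   /* never compared with sizeof url */
        raw[i] = (unsigned char)arg[i];
    return CMD_OK;
}

/* "After": reject anything that does not fit, terminator included. */
static int http_download_safe(struct frame *f, const char *arg, size_t arg_len)
{
    if (arg_len >= sizeof f->url)
        return CMD_ERR_TOO_LONG;
    memcpy(f->url, arg, arg_len);
    f->url[arg_len] = '\0';
    return CMD_OK;
}

struct outcome { int rc; int ctx_intact; };   /* ctx_intact: 1 = saved_ctx survived */

/* Runs a handler on a fresh frame with a constructed argument of arg_len 'A'
 * bytes (capped at the frame size so the demo never leaves the object). */
static struct outcome run_handler(int (*h)(struct frame *, const char *, size_t),
                                  size_t arg_len)
{
    char arg[sizeof(struct frame)];
    struct frame f;
    struct outcome out;
    if (arg_len > sizeof arg) arg_len = sizeof arg;
    memset(arg, 'A', sizeof arg);
    memset(f.url, 0, sizeof f.url);
    f.saved_ctx = 0xA5A5A5A5u;
    out.rc = h(&f, arg, arg_len);
    out.ctx_intact = (f.saved_ctx == 0xA5A5A5A5u);
    return out;
}
```

With a 36-byte argument the unsafe handler overwrites saved_ctx with 0x41414141, while the corrected handler returns CMD_ERR_TOO_LONG and leaves the frame untouched.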

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device.

Remediation

Silicon Labs has released an update to address this vulnerability. For more details, please refer to the Silicon Labs Community.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 7.5
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.