Silicon Labs Ember ZNet Stack Zigbee Buffer Overflow Vulnerability in NWK/APS Layer

Vulnerability

A buffer overflow vulnerability has been identified in the NWK/APS layer of the Ember ZNet stack in Zigbee SDK version 8.0.0.0. The overflow is triggered when the stack processes malformed packets, which can lead to an assertion failure.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can potentially be leveraged to execute arbitrary code or cause a denial-of-service condition by crashing the application.

Remediation

Users can upgrade to Zigbee EmberZNet SDK version 8.1.2.0, which addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.