Primary

Context

Silicon Labs Ember ZNet Stack Zigbee Buffer Overflow Vulnerability in APS Layer

Vulnerability

Patched

A buffer overflow vulnerability has been identified in the APS layer of the Ember ZNet stack within the Silicon Labs Zigbee SDK. This issue arises from the processing of malformed packets, which can lead to an assertion failure. The vulnerability is present in several different versions of the Zigbee EmberZNet SDK.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Remediation

Users can upgrade to Zigbee EmberZNet SDK version 8.1.2.0, which addresses this vulnerability. This version is available as part of the Silicon Labs Simplicity SDK.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Silicon Labs Ember ZNet Stack Zigbee Buffer Overflow Vulnerability in APS Layer

Vulnerability

Impact

Remediation

Affected Products

Silicon Labs Simplicity SDK

Silicon Labs Zigbee EmberZNet SDK

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating