First published: Thu Jun 15 2023
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.
Credit: product-security@silabs.com
Affected Software | Affected Version | How to fix |
---|---|---|
Silabs Bluetooth Low Energy Software Development Kit | >=5.0.0 <=5.1.1 |
CVE-2023-2683 is a vulnerability in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 that allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail.
CVE-2023-2683 affects the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 by causing a memory leak when an attacker sends an invalid pairing message.
The severity of CVE-2023-2683 is medium with a CVSS score of 6.5.
An attacker can exploit CVE-2023-2683 by sending an invalid pairing message to the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1.
The memory leak caused by CVE-2023-2683 can be cleared by resetting the affected device.