CVE-2023-3024: Bluetooth LE segmented 'prepare write response' packet may lead to out-of-bounds memory access
First published: Fri Sep 29 2023(Updated: )
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
Credit: product-security@silabs.com product-security@silabs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Silabs Gecko Software Development Kit | >=1.0.0<6.0.0 | |
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| All of | ||
| Any of | ||
| Qualcomm Aqt1000 | ||
| Qualcomm Csrb31024 | ||
| Qualcomm Wcd9370 | ||
| Qualcomm Wcd9375 | ||
| Qualcomm Wcd9380 | ||
| Qualcomm Wcd9385 | ||
| Qualcomm Wsa8830 | ||
| Qualcomm Wsa8835 | ||
| Silabs Gecko Software Development Kit | >=1.0.0<6.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-3024.
What is the title of this vulnerability?
The title of this vulnerability is 'Forcing the Bluetooth LE stack to segment prepare write response packets can lead to an out-of-bound...'
What is the description of this vulnerability?
The description of this vulnerability is 'Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
What is the severity rating of CVE-2023-3024?
The severity rating of CVE-2023-3024 is medium with a value of 6.5.
What software is affected by this vulnerability?
The Silabs Gecko Software Development Kit version 1.0.0 to 6.0.0 is affected by this vulnerability.
How can I fix CVE-2023-3024?
There is no known fix for CVE-2023-3024 at the moment. It is recommended to follow any updates or patches provided by the software vendor.
Where can I find more information about CVE-2023-3024?
You can find more information about CVE-2023-3024 in the references provided: [GitHub](https://github.com/SiliconLabs/gecko_sdk), [Silicon Labs](https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ViQvHQAV/?operationContext=S1).
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- agent/severity
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/silabs
- canonical/silabs gecko software development kit
- version/silabs gecko software development kit/1.0.0
- vendor/qualcomm
- canonical/google android
- canonical/qualcomm aqt1000
- canonical/qualcomm csrb31024
- canonical/qualcomm wcd9370
- canonical/qualcomm wcd9375
- canonical/qualcomm wcd9380
- canonical/qualcomm wcd9385
- canonical/qualcomm wsa8830
- canonical/qualcomm wsa8835