CVE-2025-3873

The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 failed to check the size of the output buffer of the caller which could lead to data corruption on the host (Cortex-M4) application. sl_si91x_aes sl_si91x_gcm sl_si91x_ccm sl_si91x_sha

CVSS

No CVSS.

References

Link	Resource
https://community.silabs.com/068Vm00000SSlOu
https://docs.silabs.com/wiseconnect/latest/sisdk-wifi-release-notes/

Configurations

No configuration.

History

29 Jul 2025, 14:14

Type	Values Removed	Values Added
Summary		(es) Las siguientes API para Silcon Labs SiWx91x anteriores a la versión 3.4.0 no pudieron verificar el tamaño del búfer de salida del llamador, lo que podría provocar corrupción de datos en la aplicación host (Cortex-M4). sl_si91x_aes sl_si91x_gcm sl_si91x_ccm sl_si91x_sha

25 Jul 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-25 16:15

Updated : 2025-07-29 14:14

NVD link : CVE-2025-3873

Mitre link : CVE-2025-3873

CVE.ORG link : CVE-2025-3873

JSON object : View

Products Affected

No product.

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2025-3873", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "product-security@silabs.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-25T16:15:33.560", "references": [{"url": "https://community.silabs.com/068Vm00000SSlOu", "source": "product-security@silabs.com"}, {"url": "https://docs.silabs.com/wiseconnect/latest/sisdk-wifi-release-notes/", "source": "product-security@silabs.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "product-security@silabs.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 failed to check the size of the output buffer of the caller which could lead to data corruption on the host (Cortex-M4) application.\n\n\nsl_si91x_aes\nsl_si91x_gcm\nsl_si91x_ccm \nsl_si91x_sha"}, {"lang": "es", "value": "Las siguientes API para Silcon Labs SiWx91x anteriores a la versi\u00f3n 3.4.0 no pudieron verificar el tama\u00f1o del b\u00fafer de salida del llamador, lo que podr\u00eda provocar corrupci\u00f3n de datos en la aplicaci\u00f3n host (Cortex-M4). sl_si91x_aes sl_si91x_gcm sl_si91x_ccm sl_si91x_sha"}], "lastModified": "2025-07-29T14:14:55.157", "sourceIdentifier": "product-security@silabs.com"}