CVE-2023-2683: Connection update while closing connection may lead to denial-of-service

5.3 CVSS

Description

A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.

Classification

CVE ID: CVE-2023-2683

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

Affected Products

Vendor: silabs.com

Product: Bluetooth SDK

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 26.42% (share of all scored CVEs with an EPSS score at or below this one)

EPSS Date: 2025-02-03 (date on which this score was calculated)

References

https://github.com/SiliconLabs
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000U2U1QQAV?operationContext=S1

Timeline