
CVE-2024-24731: Silicon Labs Gecko OS http_download Stack-based Buffer Overflow

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
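The following C snippet is an added illustration of the flaw class described above; it is not Gecko OS code and nothing on this page shows the actual http_download implementation. It models a hypothetical command handler that copies a URL argument into a fixed-size stack buffer, first in the unchecked form the advisory describes and then in a hardened form that measures the argument, rejects anything that does not fit, and copies with an explicit bound. The buffer size, function names and sample inputs are all assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical illustration only: NOT Gecko OS source. It models the flaw
 * class in the advisory: a user-supplied argument copied into a fixed-size
 * stack buffer without checking its length first. */

#define URL_BUF_SIZE 64   /* assumed buffer size for the illustration */

/* Unsafe pattern: strcpy trusts the attacker-controlled length. Shown only
 * for contrast; it is never called with an oversized argument below. */
static int handle_download_unchecked(const char *url_arg)
{
    char url[URL_BUF_SIZE];
    strcpy(url, url_arg);  /* writes past url[] once strlen(url_arg) >= 64 */
    return (int)strlen(url);
}

/* Bounded length scan (portable stand-in for strnlen): stops at `limit`
 * so an unterminated argument cannot cause an over-read either. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Hardened pattern: measure, reject what does not fit with its terminator,
 * then copy with an explicit bound. Returns 0 on success, -1 on rejection. */
static int handle_download_checked(const char *url_arg)
{
    char url[URL_BUF_SIZE];
    size_t len;

    if (url_arg == NULL)
        return -1;
    len = bounded_len(url_arg, URL_BUF_SIZE);
    if (len >= URL_BUF_SIZE)
        return -1;              /* no room for the NUL: refuse the command */
    memcpy(url, url_arg, len);
    url[len] = '\0';
    printf("download request accepted (%zu bytes): %s\n", len, url);
    return 0;
}

/* Test helper: builds a constructed argument of n 'A' bytes and runs the
 * hardened handler on it, returning its result. */
static int checked_accepts_length(size_t n)
{
    char buf[512];
    if (n >= sizeof buf)
        n = sizeof buf - 1;
    memset(buf, 'A', n);
    buf[n] = '\0';
    return handle_download_checked(buf);
}

int main(void)
{
    /* Stand-alone demo with constructed inputs; the unchecked handler is
     * only exercised with an argument that fits. */
    printf("unchecked, short arg: %d\n",
           handle_download_unchecked("http://host.invalid/fw.bin"));
    printf("checked, 63 bytes -> %d\n", checked_accepts_length(63));
    printf("checked, 64 bytes -> %d\n", checked_accepts_length(64));
    printf("checked, 300 bytes -> %d\n", checked_accepts_length(300));
    return 0;
}
```

The defensive point is the order of operations: the length is established against a hard limit before any byte is written to the stack buffer, and the rejection path returns an error to the caller instead of truncating silently, so an oversized argument is logged and dropped rather than partially processed.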

Classification

CVE ID: CVE-2024-24731

Affected Products

Vendor: Silicon Labs

Product: Gecko OS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 19.06% (share of all scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-28 (date on which this score was calculated)

References

https://www.zerodayinitiative.com/advisories/ZDI-24-870/
https://community.silabs.com/a45Vm0000000Atp

Timeline