Buffer overflow in Si91x crypto APIs

July 25, 2025 invoker category_cve

CVE Details

Basic Information

Title	Buffer overflow in Si91x crypto APIs
Type	cve
Published	2025-07-25T15:46:02.258Z
Modified	2025-07-25T15:46:02.258Z

Product Information

Vendor	silabs.com
Product	WiseConnect
Version	3.0.0

CVSS Information

Base Score	6.0 (MEDIUM)
Attack Vector	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

silabs.com WiseConnect 3.0.0

Additional Information

CWE List	CWE-787
Source	Silabs

Description

The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 failed to check the size of the output buffer of the caller which could lead to data corruption on the host (Cortex-M4) application.

sl_si91x_aes
sl_si91x_gcm
sl_si91x_ccm
sl_si91x_sha

References

https://docs.silabs.com/wiseconnect/latest/sisdk-wifi-release-notes/
https://community.silabs.com/068Vm00000SSlOu

View Full CVE Details