Gecko Sdk

Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerability.

Published: 2025-10-17T16:02:55.583Z
Updated: 2025-10-17T17:20:32.188Z

An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service.

Published: 2026-02-20T14:11:05.529Z
Updated: 2026-02-20T20:39:50.744Z

When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of service triggered by a malformed packet. The device may recover automatically or require a hard reset.

Published: 2025-12-04T21:55:59.291Z
Updated: 2025-12-05T15:40:13.811Z

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme was changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#.

Published: 2024-06-06T21:31:53.472Z
Updated: 2024-08-01T20:26:57.298Z

A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.

Published: 2023-12-15T16:05:15.120Z
Updated: 2024-10-08T14:15:42.486Z

Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.

Published: 2023-06-02T15:56:21.083Z
Updated: 2025-01-08T17:56:25.502Z