CVE-2023-41097

Source
https://cve.org/CVERecord?id=CVE-2023-41097
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41097.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-41097
Published
2023-12-21T20:33:04.967Z
Modified
2026-07-08T06:23:42.241448988Z
Severity
  • 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Potential Timing vulnerability in CBC PKCS7 padding calculations
Details

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/41xxx/CVE-2023-41097.json",
    "cna_assigner": "Silabs",
    "cwe_ids": [
        "CWE-208",
        "CWE-327"
    ]
}
References

Affected packages

Git / github.com/siliconlabs/gecko_sdk

Affected ranges

Type
GIT
Repo
https://github.com/siliconlabs/gecko_sdk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:silabs:gecko_software_development_kit:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.4.0"
        },
        {
            "last_affected": "4.4.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

v4.*
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.3.0
v4.3.1
v4.3.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41097.json"