Description

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.

Severity (CVSS)

Base score7.1
SeverityHigh
VersionCVSS 4.0
VectorCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Provided byCNA

Weaknesses

  • CWE-125 — CWE-125: Out-of-bounds Read

Affected products

VendorProductVersions
Silicon LabsEmberZNet0 to <=9.0.2

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 26 Jun 2026 07:05 UTC.