{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0619", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "state": "PUBLISHED", "assignerShortName": "Silabs", "dateReserved": "2026-01-05T19:06:00.585Z", "datePublished": "2026-02-12T20:09:28.533Z", "dateUpdated": "2026-02-12T20:43:50.690Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Silicon Labs Matter", "repo": "https://github.com/SiliconLabs/matter", "vendor": "silabs.com", "versions": [{"lessThan": "2.8.0", "status": "affected", "version": "2.7.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device. "}], "value": "A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device."}], "impacts": [{"capecId": "CAPEC-128", "descriptions": [{"lang": "en", "value": "CAPEC-128 Integer Attacks"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 6, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2026-02-12T20:09:28.533Z"}, "references": [{"tags": ["vendor-advisory", "permissions-required"], "url": "https://community.silabs.com/068Vm00000gUB2g"}], "source": {"discovery": "UNKNOWN"}, "title": "Integer Wraparound DoS in Silicon Labs Matter Implementation", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-12T20:43:39.885555Z", "id": "CVE-2026-0619", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T20:43:50.690Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0619", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-12T20:43:39.885555Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T20:43:42.013Z"}}], "cna": {"title": "Integer Wraparound DoS in Silicon Labs Matter Implementation", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-128", "descriptions": [{"lang": "en", "value": "CAPEC-128 Integer Attacks"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/SiliconLabs/matter", "vendor": "silabs.com", "product": "Silicon Labs Matter", "versions": [{"status": "affected", "version": "2.7.0", "lessThan": "2.8.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.silabs.com/068Vm00000gUB2g", "tags": ["vendor-advisory", "permissions-required"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device.", "supportingMedia": [{"type": "text/html", "value": "A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "shortName": "Silabs", "dateUpdated": "2026-02-12T20:09:28.533Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0619", "state": "PUBLISHED", "dateUpdated": "2026-02-12T20:43:50.690Z", "dateReserved": "2026-01-05T19:06:00.585Z", "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4", "datePublished": "2026-02-12T20:09:28.533Z", "assignerShortName": "Silabs"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device."}, {"lang": "es", "value": "Un bucle infinito alcanzable a trav\u00e9s de un desbordamiento de enteros est\u00e1 presente en el SDK de Matter de Silicon Labs, lo que permite a un atacante desencadenar una denegaci\u00f3n de servicio. Se requiere un reinicio forzado para recuperar el dispositivo."}], "id": "CVE-2026-0619", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "product-security@silabs.com", "type": "Secondary"}]}, "published": "2026-02-12T21:16:02.500", "references": [{"source": "product-security@silabs.com", "url": "https://community.silabs.com/068Vm00000gUB2g"}], "sourceIdentifier": "product-security@silabs.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-835"}], "source": "product-security@silabs.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.7.0,2.8.0)"}}], "product": "silicon_labs_matter", "vendor": "silabs.com"}], "analysis": {"en": {"generated_at": "2026-04-17T19:58:56.253382+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware or Matter SDK update released by Silicon Labs that addresses the integer wraparound issue.", "If an update is not yet available, temporarily disable Matter communication or restrict network access to the device to reduce exposure.", "Continuously monitor device CPU utilization; if overload is detected, perform a hard reset and investigate for abnormal activity."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The issue affects devices that run Silicon Labs Matter, the Matter protocol stack supplied by Silicon Labs. The vendor list identifies Silicon Labs Matter, but no specific firmware or SDK version numbers are supplied. Administrators should review all deployed Matter firmware to determine whether they are using the affected build, focusing on versions prior to any releases that mention the integer wraparound fix.", "description_and_impact": "A reachable infinite loop caused by an integer wraparound occurs in the Silicon Labs Matter SDK. The flaw allows an attacker to send crafted data that triggers the SDK to enter an endless loop, consuming processor cycles until the device becomes unresponsive. The result is a denial\u2011of\u2011service condition that requires a hard reset to restore normal operation. The weakness corresponds to CWE\u2011190 (Integer Overflow or Wraparound) and CWE\u2011835 (Infinite Loop).", "risk_and_exploitability": "The CVSS base score of 6 indicates a medium severity vulnerability. The EPSS score of less than 1% implies a very low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote delivery of malformed Matter data, though the description does not state a specific means. Because the attack necessitates an infinite loop, it requires a target that executes the vulnerable Matter SDK code, and the impact is limited to device availability. No public exploits are documented; however, the denial\u2011of\u2011service condition can disrupt network services that rely on those devices."}}}}, "created": "2026-02-13T21:29:25.985174+00:00", "updated": "2026-04-17T20:00:09.042434+00:00", "vendors": ["silabs.com", "silabs.com$PRODUCT$silicon_labs_matter"]}