PT-2023-28290 · Yeelight+5 · Yeelight Smart Lamp+5

Agatha2333 · Published 2023-10-10 · Updated 2024-02-15 · CVE-2023-42189

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Connectivity Standards Alliance Matter Official SDK version 1.1.0.0
Nanoleaf Light Strip version 3.5.10
Govee LED Strip version 3.00.42
SwitchBot Hub2 versions 1.0-0.8
Phillips Hue Hub version 1.59.1959097030
Yeelight Smart Lamp version 1.12.69

Description

The issue allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. This can lead to service disruption.

Recommendations

For Connectivity Standards Alliance Matter Official SDK version 1.1.0.0, consider disabling the KeySetRemove function until a patch is available.
For Nanoleaf Light Strip version 3.5.10, restrict access to the KeySetRemove function to minimize the risk of exploitation.
For Govee LED Strip version 3.00.42, avoid using the KeySetRemove function in scripts until the issue is resolved.
For SwitchBot Hub2 versions 1.0-0.8, apply configuration changes to limit the impact of the denial of service.
For Phillips Hue Hub version 1.59.1959097030, consider implementing additional security measures to prevent crafted scripts from reaching the KeySetRemove function.
For Yeelight Smart Lamp version 1.12.69, temporarily disable the KeySetRemove function to prevent potential attacks.

Fix

Weakness Enumeration

Incorrect Permission

Related Identifiers

CVE-2023-42189

Affected Products

Connectivity Standards Alliance Matter Official SDK
Govee LED Strip
Nanoleaf Light Strip
Phillips Hue Hub
SwitchBot Hub2
Yeelight Smart Lamp