{
  "id": "CVE-2023-42189",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-10-10T03:15:09.530",
  "lastModified": "2023-10-10T03:15:09.530",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/project-chip/connectedhomeip/issues/28518",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/project-chip/connectedhomeip/issues/28679",
      "source": "cve@mitre.org"
    }
  ]
}