Heap-Based Buffer Overflow in Weston Embedded uC-HTTP by Weston
CVE-2023-25181

9CRITICAL

Key Information:

Vendor: Silicon Labs
Status: Gecko Platform; Cesium Net; Uc-http
Vendor: CVE Published:; 14 November 2023

🔔 Create Silicon Labs Vulnerability Alert

What is CVE-2023-25181?

A vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01, characterized as a heap-based buffer overflow. This flaw can be exploited by sending specially crafted network packets, leading to arbitrary code execution in the affected system. This presents a significant risk as attackers can remotely trigger the vulnerability, compromising the integrity and security of the system.

Affected Version(s)

Cesium NET 3.07.01

Gecko Platform 4.3.1.0

uC-HTTP v3.01.01

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Feb 14, 2023

Credit

Discovered by Kelly Leuschner of Cisco Talos.