Heap-based Buffer Overflow in Weston Embedded uC-HTTP Server
CVE-2023-27882

9 CRITICAL

Key Information:

Vendor
CVE Published: 14 November 2023

What is CVE-2023-27882?

A heap-based buffer overflow exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP version 3.01.01. An attacker can trigger it by sending specially crafted network packets, potentially leading to arbitrary code execution. Users should apply security patches and limit exposure of affected systems.

Affected Version(s)

Cesium NET 3.07.01

Gecko Platform 4.3.1.0

uC-HTTP v3.01.01

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Kelly Leuschner of Cisco Talos.