Memory Corruption Vulnerability in Weston Embedded uC-HTTP
CVE-2023-28379

9 CRITICAL

Key Information:

Vendor
CVE Published: 14 November 2023

What is CVE-2023-28379?

A memory corruption vulnerability has been identified in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP version 3.01.01. An attacker can craft a malicious network packet that may lead to unauthorized code execution. An attacker who exploits this vulnerability can potentially gain control over affected systems, which underlines the importance of applying security updates and implementing robust network defenses.

Affected Version(s)

Cesium NET 3.07.01

Gecko Platform 4.3.1.0

uC-HTTP v3.01.01

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Kelly Leuschner of Cisco Talos.