Memory Corruption Vulnerability in Weston Embedded uC-HTTP
CVE-2023-28391

9 CRITICAL

Key Information:

Vendor
CVE Published: 14 November 2023

What is CVE-2023-28391?

A memory corruption issue has been identified in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. By sending specially crafted network packets, an attacker may exploit this vulnerability to execute arbitrary code on the affected system. This highlights the need for organizations utilizing this product to implement robust security measures and timely updates to mitigate potential risks.

Affected Version(s)

Cesium NET 3.07.01

Gecko Platform 4.3.1.0

uC-HTTP v3.01.01

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Kelly Leuschner of Cisco Talos.