Memory Corruption Vulnerability in Weston Embedded uC-HTTP Server
CVE-2023-31247

9 CRITICAL

Key Information:

Vendor
CVE Published: 14 November 2023

What is CVE-2023-31247?

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. An attacker can send a maliciously crafted network packet to trigger it, possibly leading to code execution on the affected system. Organizations using this product should assess their exposure and implement the security measures needed to mitigate potential attacks.

Affected Version(s)

Cesium NET 3.07.01

Gecko Platform 4.3.1.0

uC-HTTP v3.01.01

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Kelly Leuschner of Cisco Talos.