First published: Tue Nov 14 2023
An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Silabs Gecko Software Development Kit | =4.3.1 | |
Weston-embedded Cesium Net | =3.07.01 | |
Weston-embedded Uc-http | =3.01.01 | |
The vulnerability ID is CVE-2023-24585.
The severity rating of CVE-2023-24585 is critical with a value of 9.8.
The Silabs Gecko Software Development Kit version 4.3.1, Weston-embedded Cesium Net version 3.07.01, and Weston-embedded Uc-http version 3.01.01 are affected by this vulnerability.
The Common Weakness Enumeration (CWE) IDs associated with this vulnerability are CWE-119 and CWE-787.
This vulnerability can be exploited by sending a specially crafted network packet to the HTTP Server functionality of Weston Embedded uC-HTTP, leading to memory corruption.