First published: Tue Nov 14 2023
A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Silabs Gecko Software Development Kit | =4.3.1 | |
Weston-embedded Cesium Net | =3.07.01 | |
Weston-embedded Uc-http | =3.01.01 | |
CVE-2023-31247 is a memory corruption vulnerability in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01.
CVE-2023-31247 affects Silabs Gecko Software Development Kit version 4.3.1.
CVE-2023-31247 affects Weston-embedded Cesium Net version 3.07.01.
CVE-2023-31247 affects Weston-embedded Uc-http version 3.01.01.
CVE-2023-31247 has a severity rating of critical.
CVE-2023-31247 is classified under CWE-119 and CWE-787.
An attacker can exploit CVE-2023-31247 by sending a specially crafted network packet, which can lead to code execution.
To fix the CVE-2023-31247 vulnerability in Silabs Gecko Software Development Kit, update to version 4.3.2 or later.
To fix the CVE-2023-31247 vulnerability in Weston-embedded Cesium Net, update to version 3.07.02 or later.
To fix the CVE-2023-31247 vulnerability in Weston-embedded Uc-http, update to version 3.01.02 or later.