PT-2023-7288 · Unknown · Weston Embedded Uc-Http

Kelly Leuschner

Publicado

2023-11-14

Atualizado

2023-11-17

CVE-2023-28391

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Weston Embedded uC-HTTP version 3.01.01

Description A memory corruption issue exists in the HTTP Server header parsing functionality. This can be exploited by sending specially crafted network packets, potentially leading to code execution. An attacker can trigger this issue by sending a malicious packet.

Recommendations For version 3.01.01, consider disabling the HTTP Server header parsing functionality until a patch is available. Restrict access to the HTTP server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-787

Identificadores relacionados

BDU:2023-08316

CVE-2023-28391

Produtos afetados

Weston Embedded Uc-Http

PT-2023-7288 · Unknown · Weston Embedded Uc-Http

CVE-2023-28391

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6