CVE-2023-24585

Name of the Vulnerable Software and Affected Versions Weston Embedded uC-HTTP version 3.01.01

Description An out-of-bounds write issue exists in the HTTP Server functionality. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this issue, potentially allowing a remote attacker to execute arbitrary code by sending a specially crafted HTTP request.

Recommendations For version 3.01.01, consider disabling the HTTP Server functionality until a patch is available. Restrict access to the HTTP Server to minimize the risk of exploitation. Avoid using the vulnerable HTTP Server functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.