CVE-2018-20578

Name of the Vulnerable Software and Affected Versions NuttX versions prior to 7.27

Description An issue was discovered where the function netlib parsehttpurl() mishandles URLs longer than hostlen bytes, leading to an Infinite Loop. The attack vector is the Location header of an HTTP 3xx response.

Recommendations For versions prior to 7.27, update to version 7.27 or later to resolve the issue. As a temporary workaround, consider restricting the length of URLs handled by the netlib parsehttpurl() function to prevent the Infinite Loop.