CVE-2022-24942

Name of the Vulnerable Software and Affected Versions Micrium uC-HTTP version 3.01.01 Silicon Labs Gecko SDK (affected versions not specified)

Description The issue is related to a heap-based buffer overflow in the HTTP server functionality. This can be exploited by sending a specially crafted HTTP request, allowing a remote attacker to execute arbitrary code. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Micrium uC-HTTP version 3.01.01, consider disabling the HTTP server functionality until a patch is available. For Silicon Labs Gecko SDK, at the moment, there is no information about a newer version that contains a fix for this vulnerability.