CVE-2023-40296

Name of the Vulnerable Software and Affected Versions async-sockets-cpp versions 0.3.1 and earlier

Description The issue is a stack-based buffer overflow in the ReceiveFrom and Receive functions in udpsocket.hpp when processing malformed UDP packets. This occurs in the async-sockets-cpp library.

Recommendations For versions 0.3.1 and earlier, consider disabling the ReceiveFrom and Receive functions in udpsocket.hpp until a patch is available to prevent exploitation of the stack-based buffer overflow. Restrict access to the udpsocket.hpp module to minimize the risk of exploitation. Avoid using the async-sockets-cpp library with untrusted UDP packets until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.