PT-2023-7290 · Unknown · Weston Embedded Uc-Http

Kelly Leuschner

Published

2023-11-14

Updated

2023-11-17

CVE-2023-24585

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Weston Embedded uC-HTTP version 3.01.01

Description An out-of-bounds write issue exists in the HTTP Server functionality. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this issue, potentially allowing a remote attacker to execute arbitrary code by sending a specially crafted HTTP request.

Recommendations For version 3.01.01, consider disabling the HTTP Server functionality until a patch is available. Restrict access to the HTTP Server to minimize the risk of exploitation. Avoid using the vulnerable HTTP Server functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

BDU:2023-08318

CVE-2023-24585

Affected Products

Weston Embedded Uc-Http

PT-2023-7290 · Unknown · Weston Embedded Uc-Http

CVE-2023-24585

Weakness Enumeration

Related Identifiers

Affected Products

References · 7