PT-2025-42761 · Unknown+3 · Libwebsockets+3
Published: 2025-10-20 · Updated: 2026-02-11
CVE-2025-11678
CVSS v4.0: 7.5 (High)
Vector: AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
libwebsockets (affected versions not specified)
Description
A stack-based buffer overflow exists in the lws_adns_parse_label function within libwebsockets. It occurs when libwebsockets is compiled with the LWS_WITH_SYS_ASYNC_DNS flag enabled and an attacker, after sniffing a DNS request, crafts a DNS response containing a label that exceeds the maximum allowed length. The overflow impacts the label stack.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
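The class of check whose absence the description points to, shown as an added example (not libwebsockets source and not the project's fix): a DNS name reader that validates every label length against the RFC 1035 limit of 63 octets, the received packet length and the destination buffer before copying. The function name dns_read_name, the sample bytes and the buffer sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_LABEL 63  /* RFC 1035: one label is at most 63 octets */

/* Constructed sample input: labels "ab" and "c", then the root label. */
const uint8_t sample_ok[] = { 2, 'a', 'b', 1, 'c', 0 };

/*
 * Hypothetical helper, not libwebsockets code. Reads the uncompressed name
 * starting at pkt[pos] into out as a dotted, NUL-terminated string.
 * Returns the offset just past the name, or -1 if the packet must be dropped.
 */
long dns_read_name(const uint8_t *pkt, size_t pkt_len, size_t pos,
                   char *out, size_t out_size)
{
    size_t used = 0;

    if (out_size == 0)
        return -1;
    for (;;) {
        if (pos >= pkt_len)
            return -1;              /* length octet lies outside the packet */
        size_t len = pkt[pos++];
        if (len == 0)
            break;                  /* root label: end of name */
        /* Above 63 the octet is a compression pointer, a reserved form or
         * an oversized label; this sketch rejects all three. */
        if (len > DNS_MAX_LABEL)
            return -1;
        if (len > pkt_len - pos)
            return -1;              /* label runs past the received data */
        if (len + 2 > out_size - used)
            return -1;              /* no room for label, '.' and NUL */
        if (used)
            out[used++] = '.';
        memcpy(out + used, pkt + pos, len);
        used += len;
        pos += len;
    }
    out[used] = '\0';
    return (long)pos;
}

int main(void)
{
    char name[16];
    long end = dns_read_name(sample_ok, sizeof sample_ok, 0, name, sizeof name);
    printf("end=%ld name=%s\n", end, end < 0 ? "(rejected)" : name);
    return 0;
}
```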
Stack Overflow
Affected Products
Debian
Linuxmint
Ubuntu
Libwebsockets