CVE-2023-24585

Summary

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Silicon LabsGecko Platform4.3.1.0affected
Weston EmbeddedCesium NET3.07.01affected
Weston EmbeddeduC-HTTPv3.01.01affected

Weaknesses

  • CWE-119: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References