CVE-2023-45318

Summary

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Silicon LabsGecko PlatformSilicon Labs Gecko Platform 4.3.2.0affected
Weston EmbeddeduC-HTTPgit commit 80d4004affected

Weaknesses

  • CWE-122: CWE-122: Heap-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References