The vulnerability of the uC-HTTP server, related to writing beyond the buffer boundary, allows attackers to execute arbitrary code by sending a specially crafted HTTP request.

🗓️ 01 Dec 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

uC-HTTP server buffer overflow allows remote code execution via crafted HTTP request.

Reporter	Title	Published	Views	Family All 12
CNNVD	Micrium uC-HTTP Security Vulnerability	14 Nov 202300:00	–	cnnvd
CVE	CVE-2023-27882	14 Nov 202309:14	–	cve
Cvelist	CVE-2023-27882	14 Nov 202309:14	–	cvelist
EUVD	EUVD-2023-31617	3 Oct 202520:07	–	euvd
NVD	CVE-2023-27882	14 Nov 202310:15	–	nvd
Prion	Heap overflow	14 Nov 202310:15	–	prion
Positive Technologies	PT-2023-7291 · Unknown · Weston Embedded Uc-Http	14 Nov 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-27882	23 May 202502:26	–	redhatcve
Talos	Weston Embedded uC-HTTP HTTP Server form boundary heap-based buffer overflow vulnerability	14 Nov 202300:00	–	talos
Talos Blog	Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution	22 Nov 202317:00	–	talosblog

Vulners

Node

silicon_labs gecko_platformMatch4.3.1.0

OR

weston_embedded uc-httpMatch3.01.01

OR

weston_embedded cesium_netMatch3.07.01

Source	Link
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2023-1733
web	www.web.nvd.nist.gov/view/vuln/detail
talosintelligence	www.talosintelligence.com/reports/TALOS-2023-1733

01 Dec 2023 00:00Current

8.3High risk

Vulners AI Score8.3

CVSS 39.8

CVSS 210

EPSS0.01778

buffer overflow remote code execution web request microcontroller web server