The vulnerability of the HTTP-server’s header parsing function on the uC-HTTP server allows a attacker to execute arbitrary code.

🗓️ 13 Feb 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

A buffer overflow in the uC-HTTP server header parsing allows remote attackers to execute arbitrary code.

Reporter	Title	Published	Views	Family All 12
CNNVD	Micrium uC-HTTP Buffer Error Vulnerability	8 Nov 202300:00	–	cnnvd
CVE	CVE-2023-31247	14 Nov 202309:14	–	cve
Cvelist	CVE-2023-31247	14 Nov 202309:14	–	cvelist
EUVD	EUVD-2023-35562	3 Oct 202520:07	–	euvd
NVD	CVE-2023-31247	14 Nov 202310:15	–	nvd
Prion	Memory corruption	14 Nov 202310:15	–	prion
Positive Technologies	PT-2023-8560 · Unknown · Weston Embedded Uc-Http	14 Nov 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-31247	23 May 202503:24	–	redhatcve
Talos	Weston Embedded uC-HTTP HTTP Server Host header parsing memory corruption vulnerability	14 Nov 202300:00	–	talos
Talos Blog	Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution	22 Nov 202317:00	–	talosblog

Vulners

Node

silicon_labs gecko_platformMatch4.3.1.0

OR

weston_embedded uc-httpMatch3.01.01

OR

weston_embedded cesium_netMatch3.07.01

Source	Link
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2023-1746
weston-embedded	www.weston-embedded.com/micrium/overview
weston-embedded	www.weston-embedded.com/cesium-cs-net
silabs	www.silabs.com/developers/gecko-software-development-kit
web	www.web.nvd.nist.gov/view/vuln/detail
talosintelligence	www.talosintelligence.com/reports/TALOS-2023-1746

13 Feb 2024 00:00Current

8.5High risk

Vulners AI Score8.5

CVSS 27.6

CVSS 39

EPSS0.01672

uC-HTTP server header parsing buffer overflow remote code execution