History: Feb 20, 2024 - 3:15 p.m.

CVE-2023-38562

2024-02-20 15:15:08
CWE-415
talos
web.nvd.nist.gov
Tags: cve-2023-38562, double-free, vulnerability, ip header, weston embedded, uc-tcp-ip, memory corruption, code execution, network packets, unauthenticated packets, nvd

CVSS3: 8.7

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

AI Score: 8.7
Confidence: High

EPSS: 0
Percentile: 9.0%

A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

Affected configurations

Node: weston_embedded uc-tcp-ip, Range: v3.06.01

Vendor: weston_embedded
Product: uc-tcp-ip
Version: *
CPE: cpe:2.3:a:weston_embedded:uc-tcp-ip:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Weston Embedded",
    "product": "uC-TCP-IP",
    "versions": [
      {
        "version": "v3.06.01",
        "status": "affected"
      }
    ]
  }
]
