CVE-2023-28391

2023-11-1409:14:53

CWE-119

talos

www.cve.org

vulnerability

weston embedded

code execution

network packets

attacker

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.5%

JSON

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "Silicon Labs",
    "product": "Gecko Platform",
    "versions": [
      {
        "version": "4.3.1.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Weston Embedded",
    "product": "Cesium NET",
    "versions": [
      {
        "version": "3.07.01",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Weston Embedded",
    "product": "uC-HTTP",
    "versions": [
      {
        "version": "v3.01.01",
        "status": "affected"
      }
    ]
  }
]