[SECURITY] Fedora 42 Update: libwebsockets-4.3.7-2.fc42
This is the libwebsockets C library for lightweight websocket clients and servers...
libwebsockets: Stack-based Buffer Overflow in libwebsockets
A stack based buffer overflow flaw has been discovered in libwebsockets. The vulnerability allows an attacker that can inspect DNS requests made by the victim e.g. being in the same wireless network to forge a DNS response packet that overflows the stack and may lead to arbitrary code execution...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (libwebsockets) security update
An update for libwebsockets is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 9 : Red Hat OpenStack Platform 17.1 (libwebsockets) (RHSA-2025:22969)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:22969 advisory. Security Fixes: Stack-based Buffer Overflow in libwebsockets CVE-2025-11678 For more details about the security issues, including the impact, a CVSS...
Fedora 42 : libwebsockets (2025-0c12fa2541)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0c12fa2541 advisory. Update to 4.3.7, enable glib event loop Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libwebsockets (UTSA-2025-991024)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991024 advisory. Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libwebsockets (UTSA-2025-991026)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991026 advisory. Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user...
Debian: Security Advisory (DLA-4373-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 4373-1] libwebsockets security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-4373-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta November 17, 2025 https://wiki.debian.org/LTS -...
Debian dla-4373 : libwebsockets-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4373 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4373-1 [email protected]...
DLA-4373-1 libwebsockets - security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2025-11677
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the use...
Linux Distros Unpatched Vulnerability : CVE-2025-11680
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is...
Linux Distros Unpatched Vulnerability : CVE-2025-11679
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is...
Linux Distros Unpatched Vulnerability : CVE-2025-11678
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow th...
CVE-2025-11678
Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer...
SUSE CVE-2025-11677
Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service...
SUSE CVE-2025-11678
Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer...
SUSE CVE-2025-11680
Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...
EUVD-2025-35055
Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...