Lucene search
K
Weston-embeddedUc-http

7 matches found

CVE
CVE
added 2023/11/14 9:14 a.m.90 views

CVE-2023-28391

CVE-2023-28391 : Talos reports a memory corruption vulnerability in Weston Embedded uC-HTTP v3.01.01’s HTTP Server header parsing. A crafted network packet can trigger a one-byte NULL overwrite during header value length handling, which, via heap corruption in uC-LIB Mem_DynPool, may allow an att...

9.8CVSS9.6AI score0.01475EPSS
CVE
CVE
added 2023/11/14 9:14 a.m.86 views

CVE-2023-24585

CVE-2023-24585 affects Weston Embedded uC-HTTP v3.01.01, specifically the HTTP Server functionality. The vulnerability is an out-of-bounds write that occurs while parsing an HTTP request method, which can lead to memory corruption (including heap corruption). An attacker can trigger this by sendi...

9.8CVSS9.3AI score0.01209EPSS
CVE
CVE
added 2023/11/14 9:14 a.m.80 views

CVE-2023-28379

Cisco Talos details a normal-mode vulnerability: CVE-2023-28379 is a memory corruption in Weston Embedded uC-HTTP HTTP Server form boundary handling (uC-HTTP v3.01.01). TALOS-2023-1738 confirms the issue as a heap-based overflow when parsing the form boundary string, where the boundary length is ...

9.8CVSS9.6AI score0.01672EPSS
CVE
CVE
added 2024/02/20 2:45 p.m.80 views

CVE-2023-45318

Weston Embedded uC-HTTP-server (CVE-2023-45318) suffers a heap-based buffer overflow in Protocol Version parsing of HTTP requests, triggered by a misupdated RxBufLenRem during HTTPsReq_ProtocolVerParse, enabling arbitrary code execution. Affected: Weston Embedded uC-HTTP git commit 80d4004 (and r...

10CVSS9.7AI score0.01746EPSS
CVE
CVE
added 2023/11/14 9:14 a.m.79 views

CVE-2023-25181

CVE-2023-25181 is a heap-based buffer overflow in the HTTP Server of Weston Embedded uC-HTTP v3.01.01. Talos confirms a specially crafted network packet can trigger an integer underflow in Protocol Version parsing, leading to arbitrary code execution. Vulnerable versions include Weston Embedded u...

9.8CVSS9.7AI score0.01688EPSS
CVE
CVE
added 2023/11/14 9:14 a.m.79 views

CVE-2023-31247

CVE-2023-31247 concerns a memory corruption in the HTTP Server Host header parsing of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can trigger code execution. Talos confirms this as a vulnerability affecting Weston Embedded uC-HTTP v3.01.01 and related platforms (Cesium NE...

9.8CVSS9.6AI score0.01672EPSS
CVE
CVE
added 2023/11/14 9:14 a.m.77 views

CVE-2023-27882

Talos advisory TALOS-2023-1733 documents a heap-based buffer overflow in Weston Embedded uC-HTTP server form boundary handling (v3.01.01), enabling code execution via a specially crafted network packet. Affected products/versions listed: Weston Embedded uC-HTTP v3.01.01, Cesium NET 3.07.01, Silic...

9.8CVSS9.6AI score0.01778EPSS