7 matches found
CVE-2023-28391
CVE-2023-28391 : Talos reports a memory corruption vulnerability in Weston Embedded uC-HTTP v3.01.01’s HTTP Server header parsing. A crafted network packet can trigger a one-byte NULL overwrite during header value length handling, which, via heap corruption in uC-LIB Mem_DynPool, may allow an att...
CVE-2023-24585
CVE-2023-24585 affects Weston Embedded uC-HTTP v3.01.01, specifically the HTTP Server functionality. The vulnerability is an out-of-bounds write that occurs while parsing an HTTP request method, which can lead to memory corruption (including heap corruption). An attacker can trigger this by sendi...
CVE-2023-28379
Cisco Talos details a normal-mode vulnerability: CVE-2023-28379 is a memory corruption in Weston Embedded uC-HTTP HTTP Server form boundary handling (uC-HTTP v3.01.01). TALOS-2023-1738 confirms the issue as a heap-based overflow when parsing the form boundary string, where the boundary length is ...
CVE-2023-45318
Weston Embedded uC-HTTP-server (CVE-2023-45318) suffers a heap-based buffer overflow in Protocol Version parsing of HTTP requests, triggered by a misupdated RxBufLenRem during HTTPsReq_ProtocolVerParse, enabling arbitrary code execution. Affected: Weston Embedded uC-HTTP git commit 80d4004 (and r...
CVE-2023-25181
CVE-2023-25181 is a heap-based buffer overflow in the HTTP Server of Weston Embedded uC-HTTP v3.01.01. Talos confirms a specially crafted network packet can trigger an integer underflow in Protocol Version parsing, leading to arbitrary code execution. Vulnerable versions include Weston Embedded u...
CVE-2023-31247
CVE-2023-31247 concerns a memory corruption in the HTTP Server Host header parsing of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can trigger code execution. Talos confirms this as a vulnerability affecting Weston Embedded uC-HTTP v3.01.01 and related platforms (Cesium NE...
CVE-2023-27882
Talos advisory TALOS-2023-1733 documents a heap-based buffer overflow in Weston Embedded uC-HTTP server form boundary handling (v3.01.01), enabling code execution via a specially crafted network packet. Affected products/versions listed: Weston Embedded uC-HTTP v3.01.01, Cesium NET 3.07.01, Silic...