Lucene search

TalosVULNRICHMENT:CVE-2023-45318

HistoryFeb 20, 2024 - 2:45 p.m.

CVE-2023-45318

2024-02-2014:45:02

CWE-122

talos

github.com

cve-2023-45318

http server

weston embedded uc-http

buffer overflow

arbitrary code execution

network packet

attacker

vulnerability

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:siliconlabs:gecko_platform:*:*:*:*:*:*:*:*"
    ],
    "vendor": "siliconlabs",
    "product": "gecko_platform",
    "versions": [
      {
        "status": "affected",
        "version": "4.3.2.0"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:weston-embedded:uc-http:*:*:*:*:*:*:*:*"
    ],
    "vendor": "weston-embedded",
    "product": "uc-http",
    "versions": [
      {
        "status": "affected",
        "version": "git commit 80d4004"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1843

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-45318