CVE-2023-45318

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1843	Exploit Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1843	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:silabs:gecko_software_development_kit:4.3.2.0:::::::*
	cpe:2.3:a:weston-embedded:uc-http:-:::::::*

History

12 Feb 2025, 18:50

Type	Values Removed	Values Added
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1843 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1843 - Exploit, Third Party Advisory
First Time		Weston-embedded uc-http Silabs Silabs gecko Software Development Kit Weston-embedded
CWE		CWE-787
CPE		cpe:2.3:a:silabs:gecko_software_development_kit:4.3.2.0:::::::* cpe:2.3:a:weston-embedded:uc-http:-:::::::*

21 Nov 2024, 08:26

Type	Values Removed	Values Added
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1843 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1843 -
Summary		(es) Existe una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad del servidor HTTP de Weston Embedded uC-HTTP git commit 80d4004. Un paquete de red especialmente manipulado puede provocar la ejecución de código arbitrario. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad.

20 Feb 2024, 18:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1843', 'source': 'talos-cna@cisco.com'}~~

20 Feb 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-20 15:15

Updated : 2025-02-12 18:50

NVD link : CVE-2023-45318

Mitre link : CVE-2023-45318

CVE.ORG link : CVE-2023-45318

JSON object : View

Products Affected

silabs

gecko_software_development_kit

weston-embedded

uc-http

CWE

CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-45318", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-02-20T15:15:08.727", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1843", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1843", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-122"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en la funcionalidad del servidor HTTP de Weston Embedded uC-HTTP git commit 80d4004. Un paquete de red especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."}], "lastModified": "2025-02-12T18:50:45.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:4.3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "630B4655-F4AA-4DAA-8127-BBC89EE6046C"}, {"criteria": "cpe:2.3:a:weston-embedded:uc-http:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE7CD12C-6F8F-4347-B9BD-51C46EF0F84E"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}

10.0 /10