CRITICAL🇵🇱 Wersja polska

CVE-2023-45318

CVSS 10.0v3.1pub. 2024-02-20upd. 2025-11-04

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.

🤖 AI Analysis
How it works

An attacker sends a specially crafted network packet to an HTTP server based on the uC-HTTP library. This packet causes a heap-based buffer overflow, which corresponds to CWE-122 and CWE-787 classifications (write out of buffer bounds). Exploiting this vulnerability can lead to hijacking the program execution flow and running arbitrary code on the vulnerable device.

Impact

An attacker can remotely execute arbitrary code (RCE) on a vulnerable device without any prior privileges, which in practice means complete takeover of the system, and in the case of IoT/embedded devices — also control over the supported physical infrastructure.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references (Cisco Talos TALOS-2023-1843). It is also recommended to restrict network access to devices using the uC-HTTP library through firewall or network segmentation until the patch is deployed.

Who is affected

Weston Embedded uC-HTTP (commit 80d4004) and Silabs Gecko Software Development Kit containing this library; specific versions indicated in manufacturer references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Silabs Gecko Software Development Kit

    APP
    Silabs
    4.3.2.0
  • Weston Embedded Uc Http

    APP
    Weston-Embedded
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2023-4280CRITICAL9.3PL ✓ten sam produkt

Silabs Gecko SDK: dostęp do pamięci TrustZone z niezaufanego regionu

CVE-2023-4020CRITICAL9.0PL ✓ten sam produkt

Błąd walidacji wejścia w TrustZone SDK Silicon Labs — dostęp do pamięci bezpiecznej

CVE-2023-27882CRITICAL9.0ten sam produkt

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Emb...

CVE-2023-28379CRITICAL9.0ten sam produkt

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-...

CVE-2023-25181CRITICAL9.0ten sam produkt

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP ...