CVE-2023-24585 - Vulnerability Details - OpenCVE

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00301.

Key SSVC decision points have not yet been added.

Vendors	Products
Silabs Subscribe	Gecko Software Development Kit Subscribe
Weston-embedded Subscribe	Cesium Net Subscribe Uc-http Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:silabs:gecko_software_development_kit:4.3.1:::::::*
	cpe:2.3:a:weston-embedded:cesium_net:3.07.01:::::::*
	cpe:2.3:a:weston-embedded:uc-http:3.01.01:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-28600	An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1725

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2023-11-14T09:14:53.950Z

Updated: 2024-08-02T11:03:18.943Z

Reserved: 2023-02-13T18:12:54.125Z

Link: CVE-2023-24585

Vulnrichment

Updated: 2024-07-31T20:15:46.106Z

NVD

Status : Modified

Published: 2023-11-14T10:15:26.303

Modified: 2024-11-21T07:48:10.920

Link: CVE-2023-24585

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-24585", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-02-13T18:12:54.125Z", "datePublished": "2023-11-14T09:14:53.950Z", "dateUpdated": "2024-08-02T11:03:18.943Z"}, "containers": {"cna": {"affected": [{"vendor": "Silicon Labs", "product": "Gecko Platform", "versions": [{"version": "4.3.1.0", "status": "affected"}]}, {"vendor": "Weston Embedded", "product": "Cesium NET", "versions": [{"version": "3.07.01", "status": "affected"}]}, {"vendor": "Weston Embedded", "product": "uC-HTTP", "versions": [{"version": "v3.01.01", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE", "cweId": "CWE-119"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-11-14T18:00:07.178Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725"}], "credits": [{"lang": "en", "value": "Discovered by Kelly Leuschner of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1725"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:18.943Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T14:38:15.491770Z", "id": "CVE-2023-24585", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T14:38:23.813Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1725"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-07-31T20:15:46.106Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-24585", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T14:38:15.491770Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T14:38:20.302Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Kelly Leuschner of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Silicon Labs", "product": "Gecko Platform", "versions": [{"status": "affected", "version": "4.3.1.0"}]}, {"vendor": "Weston Embedded", "product": "Cesium NET", "versions": [{"status": "affected", "version": "3.07.01"}]}, {"vendor": "Weston Embedded", "product": "uC-HTTP", "versions": [{"status": "affected", "version": "v3.01.01"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-11-14T18:00:07.178Z"}}}, "cveMetadata": {"cveId": "CVE-2023-24585", "state": "PUBLISHED", "dateUpdated": "2024-08-01T14:38:23.813Z", "dateReserved": "2023-02-13T18:12:54.125Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2023-11-14T09:14:53.950Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silabs:gecko_software_development_kit:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "90DDAC84-E71F-44E3-A5A8-D949DC1943D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:weston-embedded:cesium_net:3.07.01:*:*:*:*:*:*:*", "matchCriteriaId": "44A78DFC-FD24-43A2-A4F4-76A77F46E9A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:weston-embedded:uc-http:3.01.01:*:*:*:*:*:*:*", "matchCriteriaId": "6939279F-5819-4661-9050-3947010C9B71", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar da\u00f1os en la memoria. Un atacante puede enviar una solicitud de red para desencadenar esta vulnerabilidad."}], "id": "CVE-2023-24585", "lastModified": "2024-11-21T07:48:10.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.5, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-14T10:15:26.303", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1725"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}