{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1866", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2025-03-03T08:26:24.158Z", "datePublished": "2025-03-03T08:44:23.118Z", "dateUpdated": "2025-03-03T16:34:59.877Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com", "defaultStatus": "unaffected", "product": "libwebsockets", "vendor": "warmcat", "versions": [{"changes": [{"at": "patch 4.3.4", "status": "unaffected"}], "lessThan": "<4.3.4", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform.<br><br>By default, the affected code is not executed unless one of the following conditions is met:<br><br>LWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake.<br>LWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake.<br>Despite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior."}], "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform.\n\nBy default, the affected code is not executed unless one of the following conditions is met:\n\nLWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake.\nLWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake.\nDespite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior."}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2025-03-03T08:44:23.118Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/warmcat/libwebsockets/commit/3f7c79fd57338aca1bf4a1b1f24e324b80d36265"}], "source": {"discovery": "UNKNOWN"}, "title": "Undefined Behavior Due to Out-of-Bounds Pointer Arithmetic in libwebsockets", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-03T16:34:26.018890Z", "id": "CVE-2025-1866", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-03T16:34:59.877Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1866", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-03T16:34:26.018890Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-03T16:34:54.887Z"}}], "cna": {"title": "Undefined Behavior Due to Out-of-Bounds Pointer Arithmetic in libwebsockets", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "warmcat", "product": "libwebsockets", "versions": [{"status": "affected", "changes": [{"at": "patch 4.3.4", "status": "unaffected"}], "version": "0", "lessThan": "<4.3.4", "versionType": "git"}], "collectionURL": "https://github.com", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/warmcat/libwebsockets/commit/3f7c79fd57338aca1bf4a1b1f24e324b80d36265", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform.\n\nBy default, the affected code is not executed unless one of the following conditions is met:\n\nLWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake.\nLWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake.\nDespite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior.", "supportingMedia": [{"type": "text/html", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform.<br><br>By default, the affected code is not executed unless one of the following conditions is met:<br><br>LWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake.<br>LWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake.<br>Despite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2025-03-03T08:44:23.118Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1866", "state": "PUBLISHED", "dateUpdated": "2025-03-03T16:34:59.877Z", "dateReserved": "2025-03-03T08:26:24.158Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2025-03-03T08:44:23.118Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform.\n\nBy default, the affected code is not executed unless one of the following conditions is met:\n\nLWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake.\nLWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake.\nDespite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior."}], "id": "CVE-2025-1866", "lastModified": "2025-03-03T09:15:39.370", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2025-03-03T09:15:39.370", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/warmcat/libwebsockets/commit/3f7c79fd57338aca1bf4a1b1f24e324b80d36265"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{"bugzilla": {"description": "libwebsockets: Undefined Behavior Due to Out-of-Bounds Pointer Arithmetic in libwebsockets", "id": "2349439", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349439"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-119", "details": ["Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform.\nBy default, the affected code is not executed unless one of the following conditions is met:\nLWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake.\nLWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake.\nDespite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior.", "A flaw was found in warmcat libwebsockets. This vulnerability allows pointer manipulation, potentially leading to out-of-bounds memory access via specific CMake configurations on the Win32 platform."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-1866", "package_state": [{"cpe": "cpe:/a:redhat:amq_interconnect:1", "fix_state": "Not affected", "package_name": "libwebsockets", "product_name": "A-MQ Interconnect 1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "libwebsockets", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Not affected", "package_name": "libwebsockets", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite:el8/libwebsockets", "product_name": "Red Hat Satellite 6"}], "public_date": "2025-03-03T08:44:23Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1866\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1866\nhttps://github.com/warmcat/libwebsockets/commit/3f7c79fd57338aca1bf4a1b1f24e324b80d36265"], "statement": "No Red Hat products are affected by this vulnerability.\nAlthough the affected code path is gated behind non-default CMake options, this vulnerability marked as important severity due to the nature of the flaw\u2014pointer manipulation leading to out-of-bounds memory access. When triggered, it can allow an attacker to corrupt memory outside the intended bounds, which is a classic primitive for exploiting memory safety bugs. On platforms like Win32, where traditional memory protections may vary or be less robust than on hardened Unix-like systems, such vulnerabilities can facilitate control flow hijacking or arbitrary code execution if combined with other memory layout knowledge or information disclosure bugs.", "threat_severity": "Important"}

{}