CVE-2023-31247
published 2023-11-14CVE-2023-31247: A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network…
PriorityP355critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.67%
73.9th percentile
A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silabs | gecko_software_development_kit | — | — |
| silicon_labs | gecko_platform | — | — |
| weston-embedded | cesium_net | — | — |
| weston-embedded | uc-http | — | — |
| weston_embedded | cesium_net | — | — |
| weston_embedded | uc-http | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
blogs_talos·2024-08-28
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
This is the first post of a three-part series, where we will be delving into the intricacies of fuzzing µC/OS protocol stacks. The techniques I will discuss are universally applicable to various RTOS environments, though our focus will primarily be on µC/OS.
I’ll highlight some of the strategic code modifications I implemented across different µC/OS components. The objective is to streamline the process of developing a fuzzing harness tailored for the µC/HTTP-server. In the second installment of this series, I’ll discuss a technique that I used for delivering multiple requests per fuzz test case. The third post will be like this one, as I’ll describe the code modifications that I made with the aim of fuzzing the µC/TCP-IP stack.
For a bit of context, µC/OS is an RTOS, or “Real-Time Opera
Talos
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
blogs_talos·2024-08-28
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
## Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
This is the first post of a three-part series, where we will be delving into the intricacies of fuzzing µC/OS protocol stacks. The techniques I will discuss are universally applicable to various RTOS environments, though our focus will primarily be on µC/OS.
I’ll highlight some of the strategic code modifications I implemented across different µC/OS components. The objective is to streamline the process of developing a fuzzing harness tailored for the µC/HTTP-server. In the second installment of this series, I’ll discuss a technique that I used for delivering multiple requests per fuzz test case. The third post will be like this one, as I’ll describe the code modifications that I made with the aim of fuzzing the µC/TCP-IP stac
Talos
Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
blogs_talos·2023-11-22·CVSS 7.8
[HIGH] Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
## Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
Cisco Talos’ Vulnerability Research team recently worked with Adobe and Microsoft to patch multiple vulnerabilities in the Acrobat and Excel software, respectively, that could lead to arbitrary code execution.
Talos also disclosed six vulnerabilities in the Weston Embedded µC-HTTP HTTP server implementation, some of which could also lead to code execution.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org , and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website .
## Adobe Acrobat Reader use-after-free vulnerabilities
Discovered by Jaewon Min and Aleksandar Nikolic of Cisco Talos.
Adobe r
Talos
Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
blogs_talos·2023-11-22·CVSS 7.8
[HIGH] Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
Cisco Talos’ Vulnerability Research team recently worked with Adobe and Microsoft to patch multiple vulnerabilities in the Acrobat and Excel software, respectively, that could lead to arbitrary code execution.
Talos also disclosed six vulnerabilities in the Weston Embedded µC-HTTP HTTP server implementation, some of which could also lead to code execution.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
# Adobe Acrobat Reader use-after-free vulnerabilities
Discovered by Jaewon Min and Aleksandar Nikolic of Cisco Talos.
Adobe recently patched two use-after-free vulnerabilities in its Acrobat PDF reader that Talos discover
2023-11-14
Published