CVE-2023-45318
Published 2024-02-20
Priority P260 · critical · 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.75% (75.0th percentile)
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silabs | gecko_software_development_kit | — | — |
| silicon_labs | gecko_platform | — | — |
| weston_embedded | uc-http | — | — |
Detection & IOCs (extracted from sources)
Snort rules: 119:201, 119:281, 1:12685
- CVE-2023-45318 is tracked as TALOS-2023-1843; correlate with this advisory identifier when searching threat intel platforms.
- The vulnerability is a heap-based buffer overflow in the HTTP Server functionality triggered by a specially crafted network packet; monitor HTTP traffic to embedded/RTOS devices running Weston Embedded uC-HTTP (git commit 80d4004) for anomalous or oversized HTTP requests.
- The same vulnerable HTTP server codebase is shared across Weston Embedded uC-HTTP, Silicon Labs Gecko Platform, and Weston Embedded Cesium NET; broaden detection scope to cover all three product families.
- Snort rules 119:201, 119:281, 1:12685, and 1:39908 cover exploitation attempts for the full set of five µC/HTTP-server CVEs disclosed together (CVE-2023-24585, CVE-2023-27882, CVE-2023-28379, CVE-2023-31247, CVE-2023-45318); they are not exclusively scoped to CVE-2023-45318 alone.
No detection rules found.
No public exploits indexed.
Talos
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
blogs_talos·2024-08-28
This is the first post of a three-part series, where we will be delving into the intricacies of fuzzing µC/OS protocol stacks. The techniques I will discuss are universally applicable to various RTOS environments, though our focus will primarily be on µC/OS.
I’ll highlight some of the strategic code modifications I implemented across different µC/OS components. The objective is to streamline the process of developing a fuzzing harness tailored for the µC/HTTP-server. In the second installment of this series, I’ll discuss a technique that I used for delivering multiple requests per fuzz test case. The third post will be like this one, as I’ll describe the code modifications that I made with the aim of fuzzing the µC/TCP-IP stack.
For a bit of context, µC/OS is an RTOS, or “Real-Time Opera
Talos
Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution
blogs_talos·2024-02-28·CVSS 7.8
[HIGH] Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution
Cisco Talos has disclosed more than 30 vulnerabilities in February, including seven in Adobe Acrobat Reader, one of the most popular PDF editing and reading software currently available.
Adversaries could exploit these vulnerabilities to trigger the reuse of a previously freed object, thus causing memory corruption and potentially arbitrary code execution on the targeted machine.
Other potential code execution vulnerabilities are also present in Weston Embedded µC/HTTP-server, a web server component in Weston Embedded's in-house operating system and an open-source library that processes several types of potentially sensitive medical tests.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerabil