CVE-2023-45318
published 2024-02-20


Priority: P2 (60) · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.75% (75.0th percentile)
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.

Affected (3 ranges)

Vendor            Product                           Version range   Fixed in
silabs            gecko_software_development_kit
silicon_labs      gecko_platform
weston_embedded   uc-http

Detection & IOCs (extracted from sources)

Snort rules: 119:201, 119:281, 1:12685
  • CVE-2023-45318 is tracked as TALOS-2023-1843; correlate with this advisory identifier when searching threat intel platforms.
  • The vulnerability is a heap-based buffer overflow in the HTTP Server functionality triggered by a specially crafted network packet; monitor HTTP traffic to embedded/RTOS devices running Weston Embedded uC-HTTP (git commit 80d4004) for anomalous or oversized HTTP requests.
  • The same vulnerable HTTP server codebase is shared across Weston Embedded uC-HTTP, Silicon Labs Gecko Platform, and Weston Embedded Cesium NET; broaden detection scope to cover all three product families.
  • Snort rules 119:201, 119:281, 1:12685, and 1:39908 cover exploitation attempts for the full set of five µC/HTTP-server CVEs disclosed together (CVE-2023-24585, CVE-2023-27882, CVE-2023-28379, CVE-2023-31247, CVE-2023-45318); they are not exclusively scoped to CVE-2023-45318 alone.