CVE-2022-24942

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-24942
Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000KlMPOQA3?operationContext=S1 Permissions Required Vendor Advisory
https://github.com/SiliconLabs/gecko_sdk/blame/v4.1.1/platform/micrium_os/net/source/http/server/http_server_req.c Exploit Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:silabs:micrium_uc-http:3.01.01:*:*:*:*:*:*:*
Information

Published : 2022-11-15 13:15

Updated : 2022-11-21 08:19

NVD link : CVE-2022-24942

Mitre link : CVE-2022-24942

JSON object : View

CWE
CWE-787

Out-of-bounds Write

Advertisement

dedicated server usa
Products Affected

silabs

  • micrium_uc-http