Aggregates CVE and security vulnerability intelligence across all Weston Embedded-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve buffer overflows, memory corruption and related problems; some flaws may lead to memory corruption and application crashes.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-45318 | A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 10.0 | 0.59% | 2024-02-20 | 2025-11-04 |
| CVE-2023-39541 | A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability concerns a denial of service within the parsing of an IPv6 ICMPv6 packet. | [email protected] | 5.9 | 0.39% | 2024-02-20 | 2025-11-04 |
| CVE-2023-39540 | A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability concerns a denial of service within the parsing of an IPv4 ICMP packet. | [email protected] | 5.9 | 0.39% | 2024-02-20 | 2025-11-04 |
| CVE-2023-38562 | A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | [email protected] | 8.7 | 0.27% | 2024-02-20 | 2025-11-04 |
| CVE-2023-31247 | A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 9.0 | 0.36% | 2023-11-14 | 2025-11-04 |
| CVE-2023-28391 | A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 9.0 | 0.36% | 2023-11-14 | 2025-11-04 |
| CVE-2023-28379 | A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 9.0 | 0.28% | 2023-11-14 | 2025-11-04 |
| CVE-2023-27882 | A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 9.0 | 0.33% | 2023-11-14 | 2025-11-04 |
| CVE-2023-25181 | A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 9.0 | 0.30% | 2023-11-14 | 2024-11-21 |
| CVE-2023-24585 | An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | [email protected] | 7.7 | 0.30% | 2023-11-14 | 2024-11-21 |
| CVE-2022-46378 | An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no port argument is provided to the `PORT` command. | [email protected] | 6.5 | 0.84% | 2023-05-10 | 2025-11-04 |
| CVE-2022-46377 | An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no IP address argument is provided to the `PORT` command. | [email protected] | 6.5 | 0.52% | 2023-05-10 | 2025-11-04 |
| CVE-2022-41985 | An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | [email protected] | 8.6 | 0.57% | 2023-05-10 | 2024-11-21 |