216.73.216.170

CVE-2025-1866

· Published 03/03/2025 09:15 · Modified 03/03/2025 09:15

Labels: CVE-2025-1866 2025-03-03CVE-2025-1866CWE-119[email protected]

Essential information

Published
03/03/2025 09:15
Modified
03/03/2025 09:15
Author
Creator
CISA KEV
No
CWE

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform. By default, the affected code is not executed unless one of the following conditions is met: LWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake. LWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake. Despite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References