Main Vulnerability Database Vulnerabilities #VU14155

#VU14155 Buffer overflow in uc-httpd - CVE-2018-10088

Published: August 1, 2018 / Updated: June 17, 2021

Vulnerability identifier: #VU14155

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2018-10088

CWE-ID: CWE-120

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
uc-httpd

Software vendor:
Xiongmai Technology

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability my result in system compromise.

Remediation

Install update from vendor's website.

External links

https://github.com/bitfu/uc-httpd-1.0.0-buffer-overflow-exploit

#VU14155 Buffer overflow in uc-httpd - CVE-2018-10088

Description

Remediation

External links

Please verify you're human