Vulnerabilities > CVE-2023-38562 - Unspecified vulnerability in Weston-Embedded Uc-Tcp-Ip 3.06.01

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

weston-embedded

critical

NVD

Published: 2024-02-20

Updated: 2025-02-12

Summary

A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Weston-Embedded Weston Embedded UC TCP IP 3.06.01	1

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829