CNNVD-202510-2561 Information
CNNVD ID
CNNVD-202510-2561
Related CVE
- CNNVD Published: 2025-10-20
Description (Chinese)
Libwebsockets是lws-team开源的一个规范的 libwebsockets 网络库。 Libwebsockets存在缓冲区错误漏洞,该漏洞源于当启用LWS_WITH_UPNG标志并使用HTML显示堆栈时,lws_upng_emit_next_line函数存在越界读取,可能导致读取堆分配缓冲区之外的数据,造成崩溃。
Description (English)
Libwebsockets is the libwebsockets repository of a norm open source of lws-team. Libwebsockets had an error loophole in the buffer zone, which originated in the collapse of the lws upng emit next line function when the LWS WITH UPNG logo was enabled and the HTML display was used to display stacks, which could lead to the reading of data outside the buffer zone.
Hazard Level
Critical
Vulnerability Type
缓冲区错误
Affected Vendor
lws-team
Published
2025-10-20
Last Modified
2026-02-24
References
https://libwebsockets.org/git/libwebsockets/commit?id=7df24cca7144d7bc9233b6b0a71108bd154ce101 https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11679 https://access.redhat.com/security/cve/cve-2025-11679
Patch
https://libwebsockets.org/git/libwebsockets/commit?id=7df24cca7144d7bc9233b6b0a71108bd154ce101
Share on: