CNNVD-202510-2562 Information
CNNVD ID
CNNVD-202510-2562
Related CVE
- CNNVD Published: 2025-10-20
Description (Chinese)
Libwebsockets是lws-team开源的一个规范的 libwebsockets 网络库。 Libwebsockets存在缓冲区错误漏洞,该漏洞源于LWS_WITH_UPNG编译标志启用时,unfilter_scanline函数存在越界写入,可能导致堆缓冲区溢出。
Description (English)
Libwebsockets is the libwebsockets repository of a norm open source of lws-team. Libwebsockets had an error loophole in the buffer zone, which originated when the LWS WITH UPNG compiler logo was enabled, and the unfilter scanline function had crossed the border, which could lead to a spill over the buffer zone.
Hazard Level
Critical
Vulnerability Type
缓冲区错误
Affected Vendor
lws-team
Published
2025-10-20
Last Modified
2026-02-24
References
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11680 https://libwebsockets.org/git/libwebsockets/commit?id=2b715249f39291c86443b969a1088d59b6a89b78 https://vigilance.fr/vulnerability/libwebsockets-buffer-overflow-via-unfilter-scanline-49047 https://access.redhat.com/security/cve/cve-2025-11680
Patch
https://libwebsockets.org/git/libwebsockets/commit?id=2b715249f39291c86443b969a1088d59b6a89b78
Share on: