CNNVD-202510-2626 Information
CNNVD ID
CNNVD-202510-2626
Related CVE
- CNNVD Published: 2025-10-20
Description (Chinese)
Libwebsockets是lws-team开源的一个规范的 libwebsockets 网络库。 Libwebsockets存在安全漏洞,该漏洞源于启用LWS_WITH_SYS_ASYNC_DNS标志编译时,lws_adns_parse_label函数存在基于栈的缓冲区溢出,可能导致执行任意代码。
Description (English)
Libwebsockets is the libwebsockets repository of a norm open source of lws-team. There is a security loophole in Libwebsockets, which stems from the use of the LWS WITH SYS SYNC DNS logo, and the lws adns parse label function has a barrage-based buffer that could lead to the implementation of any code.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
lws-team
Published
2025-10-20
Last Modified
2026-02-24
References
https://libwebsockets.org/git/libwebsockets/commit?id=2bb9598562b37c942ba5b04bcde3f7fdf66a9d3a https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11678
Patch
https://libwebsockets.org/git/libwebsockets/commit?id=2bb9598562b37c942ba5b04bcde3f7fdf66a9d3a
Share on: