Main Vulnerability Database Vulnerabilities #VU14155

Buffer overflow in uc-httpd - CVE-2018-10088

Published: August 1, 2018 / Updated: June 17, 2021

Vulnerability identifier: #VU14155

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2018-10088

CWE-ID: CWE-120

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Xiongmai Technology

Affected software:
uc-httpd

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability my result in system compromise.

How to mitigate CVE-2018-10088

Install update from vendor's website.

Sources

https://github.com/bitfu/uc-httpd-1.0.0-buffer-overflow-exploit

Buffer overflow in uc-httpd - CVE-2018-10088

Detailed vulnerability description

How to mitigate CVE-2018-10088

Sources

Please verify you're human