Volerion logoVolerion
Volerion logoVolerion

wxWidgets Denial-of-Service Vulnerability in wxWebRequestCURL

Vulnerability

A denial-of-service vulnerability has been identified in wxWidgets versions prior to 3.2.7. The issue arises in wxWebRequestCURL when a connection is refused, leading to a crash in wxWidgets applications.

Impact

Exploitation of this vulnerability causes a crash of the wxWidgets application, disrupting its normal operation.

Reproduction

The vulnerability can be reproduced by using wxWidgets version 3.2.6 and the sample 'webrequest' application. When attempting to access a local file via 'http://localhost', the application crashes immediately. This crash can be observed consistently, especially when the request is made to 'localhost' or '127.0.0.1' on a port where no service is listening.

Remediation

Users can upgrade to wxWidgets version 3.2.7 or later, where this issue has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
2.5
exploitability
6.0
remediation
7.7
relevance
0.0
threat
6.4
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.