Primary

Context

Warmcat libwebsockets Pointer Manipulation Vulnerability Leading to Out-of-Bounds Memory Access on Win32

Vulnerability

A vulnerability in warmcat libwebsockets prior to 4.3.4 allows improper restriction of operations within the bounds of a memory buffer. This issue, present in code built for the Win32 platform, can lead to pointer manipulation and potentially out-of-bounds memory access. The vulnerability arises when LWS_WITHOUT_EXTENSIONS is set to OFF or LWS_WITH_HTTP_STREAM_COMPRESSION is set to ON in CMake. When triggered under these conditions, the vulnerability may enable attackers to manipulate pointers, leading to memory corruption or unexpected behavior.

Impact

Exploitation of this vulnerability could result in memory corruption or undefined behavior due to out-of-bounds memory access.

Remediation

Users can update to libwebsockets version 4.3.4 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.9

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.9

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Warmcat libwebsockets Pointer Manipulation Vulnerability Leading to Out-of-Bounds Memory Access on Win32

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating