Primary

Context

CivetWeb Buffer Overflow Vulnerability in URI Parser Allowing Remote Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in the URI parser of CivetWeb versions 1.14 through 1.16. This vulnerability allows remote attackers to execute arbitrary code by sending a crafted HTTP request. The issue arises during the processing of requests, where heap memory can be corrupted, potentially leading to a denial-of-service condition or arbitrary code execution.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, allowing for memory corruption that can be leveraged to execute arbitrary code on the server.

Reproduction

The vulnerability can be reproduced by sending an HTTP request that exploits the buffer overflow in the URI parser. This can be done using a network utility to send the crafted request to the server, targeting the specific version of CivetWeb that is vulnerable.

Remediation

Users are advised to update to CivetWeb version 1.17 or later, where this vulnerability has been fixed.

Added: Aug 29, 2025, 5:21 PM

Updated: Aug 29, 2025, 5:21 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

10.0

exploitability

9.7

remediation

0.0

relevance

0.4

threat

6.5

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

10.0

exploitability

9.7

remediation

0.0

relevance

0.4

threat

6.5

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

CivetWeb Buffer Overflow Vulnerability in URI Parser Allowing Remote Code Execution

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CivetWeb

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating