CVE-2024-22087

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 5, 2024
Updated: Jan 11, 2024
CWE ID 787

Summary

CVE-2024-22087 is a newly discovered vulnerability affecting the Pico HTTP Server. The issue lies in the main.c file, where a stack-based buffer overflow can occur due to an overly long URI in the route function. This vulnerability allows remote attackers to exploit the vulnerability by sending specially crafted URI requests, resulting in arbitrary code execution on the server. Successful exploitation could potentially lead to unauthorized access, data theft, or server compromise. It is recommended that users of Pico HTTP Server apply the necessary patches or upgrades to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share