Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform. By default, the affected code is not executed unless one of the following conditions is met: LWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake. LWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake. Despite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior.
The error consists of a lack of proper control of operations performed within memory buffer boundaries, which allows an attacker to manipulate pointers and access memory areas beyond permitted limits (out-of-bounds memory access). The vulnerable code is present only in Win32 platform compilations and is not executed by default. It becomes active when the LWS_WITHOUT_EXTENSIONS parameter in the CMake configuration is manually set to OFF or LWS_WITH_HTTP_STREAM_COMPRESSION to ON — these are non-default values.
In vulnerable configurations, an attacker can cause memory corruption in the process or trigger uncontrolled behavior of an application using the library, which may consequently enable remote code execution (RCE) or service destabilization.
Update libwebsockets to version 4.3.4 or later. Available patch: commit 3f7c79fd57338aca1bf4a1b1f24e324b80d36265 in the warmcat/libwebsockets GitHub repository. If an immediate update is not possible, ensure that in the CMake configuration the LWS_WITHOUT_EXTENSIONS parameter remains set to ON (default value) and LWS_WITH_HTTP_STREAM_COMPRESSION to OFF (default value).
libwebsockets versions before 4.3.4, compiled for the Win32 platform with non-default options: LWS_WITHOUT_EXTENSIONS=OFF or LWS_WITH_HTTP_STREAM_COMPRESSION=ON
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X