Bug 2405139 (CVE-2025-11678)
| Summary: | CVE-2025-11678 libwebsockets: Stack-based Buffer Overflow in libwebsockets | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | ansmith, eglynn, jjoyce, jschluet, lhh, lsvaty, mburns, mgarciac, peholase, pgrist, pjindal |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A stack-based buffer overflow flaw has been discovered in libwebsockets. The vulnerability allows an attacker who can inspect DNS requests made by the victim (e.g., by being on the same wireless network) to forge a DNS response packet that overflows the stack and may lead to arbitrary code execution. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2405566, 2405568, 2405569, 2405570, 2405571 | ||
| Bug Blocks: | |||
Description
OSIDB Bzimport
2025-10-20 17:24:09 UTC