CVE-2025-11678
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-20

Last updated on: 2025-10-21

Assigner: Nozomi Networks Inc.

Description
Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer than the maximum.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-20
Last Modified
2025-10-21
Generated
2026-05-07
AI Q&A
2025-10-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-11678
EUVD
EUVD-2025-35057
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
warmcat libwebsockets 4.4.2
warmcat libwebsockets 4.1
warmcat libwebsockets 4.3.6
warmcat libwebsockets 4.2
warmcat libwebsockets 4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a stack-based buffer overflow in the lws_adns_parse_label function of warmcat libwebsockets. It occurs when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation. An attacker who can sniff a DNS request can craft a malicious DNS response with a label longer than the maximum allowed, causing the label_stack to overflow.


How can this vulnerability impact me? :

The vulnerability can lead to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code, cause a denial of service, or crash the application using warmcat libwebsockets with the affected configuration.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart