Source: civetweb
Version: 1.16+dfsg-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/civetweb/civetweb/pull/1347
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for civetweb.

CVE-2025-55763[0]:
| Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16
| (latest) allows a remote attacker to achieve remote code execution
| via a crafted HTTP request. This vulnerability is triggered during
| request processing and may allow an attacker to corrupt heap memory,
| potentially leading to denial of service or arbitrary code
| execution.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-55763
    https://www.cve.org/CVERecord?id=CVE-2025-55763
[1] https://github.com/civetweb/civetweb/pull/1347

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

