CVE-2023-38434

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 18, 2023

Updated: Jul 27, 2023

CWE ID 415

Summary

CVE-2023-38434 is a newly identified vulnerability affecting the xHTTP library with the identifier 72f812d. This issue involves a double free error in the 'close_connection' function of xhttp.c. Maliciously crafted HTTP request methods can trigger this vulnerability and lead to memory corruption, potentially allowing attackers to execute arbitrary code or cause a denial-of-service condition. It is crucial for users of the xHTTP library to apply the necessary patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sB4vJW
https://www.cve.org/CVERecord?id=CVE-2023-38434
https://nvd.nist.gov/vuln/detail/CVE-2023-38434

Back to Vulnerability Database

CVE-2023-38434

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations