CVE-2023-1732: 
HashiCorp Vault vulnerability analysis and mitigation

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. The vulnerability, discovered on March 29, 2023, allows attackers to send specially crafted network packets that can lead to code execution. The affected systems include Weston Embedded uC-HTTP v3.01.01, Weston Embedded Cesium NET 3.07.01, and Silicon Labs Gecko Platform 4.3.1.0 (Talos Report).

The vulnerability occurs in the HTTP Server header parsing functionality. When processing header fields not equal to Content-Type, Content-Length, Host, or Connection, the server calculates the length and checks if it's less than or equal to the configured buffer size. If the length exactly equals the configured size, it results in a one-byte buffer overwrite with a NULL byte. Due to the memory layout implemented by the uC-LIB Memory Library, this one-byte overwrite results in an arbitrary allocation controlled by the attacker. The vulnerability has been assigned a CVSSv3 score of 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) and is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (Talos Report).

The vulnerability allows attackers to write data anywhere in the program memory space, potentially leading to stack data corruption or function pointer overwriting. This can ultimately result in arbitrary code execution on the affected system. The impact is particularly severe as it affects embedded systems running µC/OS II or µC/OS III RTOS kernels (Talos Report).

The vulnerability can be mitigated through two approaches: 1) Using the application-specific callback function OnReqHdrRxHook to block the processing of unnecessary header fields, or 2) Modifying the uC-HTTP code to prevent the length from being equal to the configured buffer size. A vendor patch was released on June 23, 2023, addressing this vulnerability (Talos Report).