Description
An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the Location header of an HTTP 3xx response.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://bitbucket.org/nuttx/nuttx/issues/119/denial-of-service-infinite-loop-while
Release Notes, Third Party Advisory x_refsource_misc
https://bitbucket.org/nuttx/nuttx/downloads/nuttx-7_27-README.txt
Scores
CVSS v3
7.5
EPSS
0.0033
EPSS Percentile
56.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (1)
nuttx/nuttx
< 7.27
Published
Dec 28, 2018
Tracked Since
Feb 18, 2026