CVE-2023-50965

CRITICAL

Starnight Micro HTTP Server - Out-of-Bounds Write

Title source: rule

Description

In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI.

Exploits (1)

nomisec WORKING POC

by DaviGSantana · poc

https://github.com/DaviGSantana/CVE-2023-50965

View Code ZIP pw:eip

References (2)

[Exploit, Issue Tracking, Mitigation, Third Party Advisory] https://github.com/starnight/MicroHttpServer/issues/5

[Product] https://github.com/starnight/MicroHttpServer/tree/43985708ef5fe7677392c54e229bd22e136c2665

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0498

EPSS Percentile 89.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (1)

starnight/micro_http_server

Published Dec 17, 2023

Tracked Since Feb 18, 2026