CVE-2023-50965

CRITICAL

Micro HTTP Server through 4398570 - Stack-based Buffer Overflow via Long URI

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-50965. PoCs published by DaviGSantana.

AI-analyzed exploit summary The repository contains a functional exploit PoC for CVE-2023-50965, demonstrating a stack-based buffer overflow leading to RCE. The exploit crafts a malicious HTTP request with a NOP sled and shellcode to overwrite the return address and redirect execution.

Description

In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI.

Exploits (1)

nomisec WORKING POC
by DaviGSantana · poc
https://github.com/DaviGSantana/CVE-2023-50965

The repository contains a functional exploit PoC for CVE-2023-50965, demonstrating a stack-based buffer overflow leading to RCE. The exploit crafts a malicious HTTP request with a NOP sled and shellcode to overwrite the return address and redirect execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Unspecified vulnerable service (likely a web server or network service)
No auth needed
Prerequisites: Vulnerable service running on port 8001 · No exploit mitigations (e.g., stack canaries, ASLR) enabled
devstral-2 · analyzed Mar 17, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0155
EPSS Percentile 71.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
starnight/micro_http_server
Published Dec 17, 2023
Tracked Since Feb 18, 2026