Use of Out-of-range Pointer Offset Affecting warmcat/libwebsockets package, versions [,4.3.4)
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-UNMANAGED-WARMCATLIBWEBSOCKETS-9056210
- published4 Mar 2025
- disclosed3 Mar 2025
- creditTrail of Bits, TrustInSoft
Introduced: 3 Mar 2025
CVE-2025-1866 (opens in a new tab)How to fix?
Upgrade warmcat/libwebsockets to version 4.3.4 or higher.
Overview
Affected versions of this package are vulnerable to Use of Out-of-range Pointer Offset due to improper handling of pointer arithmetic operations in inftrees.c. An attacker can cause undefined behavior if LWS_WITHOUT_EXTENSIONS is set to OFF in CMake (non-default setting) and LWS_WITH_HTTP_STREAM_COMPRESSION is set to ON in CMake (non-default setting).
Note: This vulnerability only affects applications built on a Win32 system.