Security Advisory

CVE-2025-11677

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-20 13:41:10

Last updated 2025-10-24 10:54:30

Assigner Nozomi

State PUBLISHED

Description

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service.

← Browse all CVEs View on cve.org ↗