CVE-2025-11678

Published: October 23, 2025Last modified: June 22, 2026

Description

Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer than the maximum.

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlibwebsocketsFixed (4.3.10-r0)
25 LTSlibwebsocketsFixed (4.3.10-r0)
StreamlibwebsocketsFixed (4.3.10-r0)

References

ON THIS PAGE