CVE-2025-11678
Published: October 23, 2025Last modified: June 22, 2026
Description
Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer than the maximum.
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | libwebsockets | Fixed (4.3.10-r0) |
| 25 LTS | libwebsockets | Fixed (4.3.10-r0) | |
| Stream | libwebsockets | Fixed (4.3.10-r0) |