Critical Vulnerability Information Vulnerability ID NN-2025-0103: ADNS crafted response overflow Affected Components and Versions Affected Component: EcoStruxure Automation Expert Affected Version: 4.4 Vulnerability Type CWE-121: Stack-based Buffer Overflow CVSS Score Proposed CVSS v3.1 Base Score: 7.5 Proposed CVSS v3.1 Vector: CVSS:3.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Vulnerability Description Libwebsockets is a C library that provides client and server implementations supporting multiple protocols (such as HTTP, WebSockets, MQTT, etc.). Nozomi Networks Lab discovered a CWE-121: Stack-based Buffer Overflow vulnerability in the latest version of libwebsockets, specifically within the async-dns component. This vulnerability allows an attacker to inspect DNS requests sent by the victim and craft a malicious DNS response packet, triggering a stack overflow. Depending on the platform and compiler options, this could lead to arbitrary code execution. The issue resides in the function (located in ), which iterates through label parsing but fails to properly validate the number of bytes being written to the target buffer. Vulnerability Trigger Conditions To trigger this vulnerability, the attacker must be able to sniff DNS request packets and send a response with a matching identifier. Otherwise, the implementation will correctly ignore the response. Testing Method We provide a test harness that can be copied into a subdirectory (e.g., ) and built. Use the following command to build and test: Then run: It is recommended to track the number of bytes currently being written to the target buffer. This can be achieved by saving the original target pointer, decrementing each time is called, or using an auxiliary variable.