Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2018-20578

An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the Location header of an HTTP 3xx response.

Published: Dec 28, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-20578
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-835

Affected Software
References

Software	From	Fixed in
nuttx / nuttx	-	7.27

https://bitbucket.org/nuttx/nuttx/downloads/nuttx-7_27-README.txt
https://bitbucket.org/nuttx/nuttx/issues/119/denial-of-service-infinite-loop-while

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo