An update for libwebsockets is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2611 Final 1.0 1.0 2025-10-31 Initial 2025-10-31 2025-10-31 openEuler SA Tool V1.0 2025-10-31 libwebsockets security update An update for libwebsockets is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3 Libwebsockets (LWS) is a flexible, lightweight pure C library for implementing modern network protocols easily with a tiny footprint, using a nonblocking event loop. Security Fix(es): Use After Free vulnerability exists in the WebSocket server implementation in lws_handshake_server in warmcat libwebsockets. In specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, an attacker may achieve denial of service.(CVE-2025-11677) Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer than the maximum.(CVE-2025-11678) An update for libwebsockets is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High libwebsockets https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2611 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11677 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11678 https://nvd.nist.gov/vuln/detail/CVE-2025-11677 https://nvd.nist.gov/vuln/detail/CVE-2025-11678 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 libwebsockets-4.3.0-7.oe2203sp4.aarch64.rpm libwebsockets-debuginfo-4.3.0-7.oe2203sp4.aarch64.rpm libwebsockets-debugsource-4.3.0-7.oe2203sp4.aarch64.rpm libwebsockets-devel-4.3.0-7.oe2203sp4.aarch64.rpm libwebsockets-4.3.3-4.oe2403.aarch64.rpm libwebsockets-debuginfo-4.3.3-4.oe2403.aarch64.rpm libwebsockets-debugsource-4.3.3-4.oe2403.aarch64.rpm libwebsockets-devel-4.3.3-4.oe2403.aarch64.rpm libwebsockets-4.3.3-4.oe2403sp1.aarch64.rpm libwebsockets-debuginfo-4.3.3-4.oe2403sp1.aarch64.rpm libwebsockets-debugsource-4.3.3-4.oe2403sp1.aarch64.rpm libwebsockets-devel-4.3.3-4.oe2403sp1.aarch64.rpm libwebsockets-4.3.3-4.oe2403sp2.aarch64.rpm libwebsockets-debuginfo-4.3.3-4.oe2403sp2.aarch64.rpm libwebsockets-debugsource-4.3.3-4.oe2403sp2.aarch64.rpm libwebsockets-devel-4.3.3-4.oe2403sp2.aarch64.rpm libwebsockets-4.3.0-7.oe2003sp4.aarch64.rpm libwebsockets-debuginfo-4.3.0-7.oe2003sp4.aarch64.rpm libwebsockets-debugsource-4.3.0-7.oe2003sp4.aarch64.rpm libwebsockets-devel-4.3.0-7.oe2003sp4.aarch64.rpm libwebsockets-4.3.0-7.oe2203sp3.aarch64.rpm libwebsockets-debuginfo-4.3.0-7.oe2203sp3.aarch64.rpm libwebsockets-debugsource-4.3.0-7.oe2203sp3.aarch64.rpm libwebsockets-devel-4.3.0-7.oe2203sp3.aarch64.rpm libwebsockets-4.3.0-7.oe2203sp4.src.rpm libwebsockets-4.3.3-4.oe2403.src.rpm libwebsockets-4.3.3-4.oe2403sp1.src.rpm libwebsockets-4.3.3-4.oe2403sp2.src.rpm libwebsockets-4.3.0-7.oe2003sp4.src.rpm libwebsockets-4.3.0-7.oe2203sp3.src.rpm libwebsockets-4.3.0-7.oe2203sp4.x86_64.rpm libwebsockets-debuginfo-4.3.0-7.oe2203sp4.x86_64.rpm libwebsockets-debugsource-4.3.0-7.oe2203sp4.x86_64.rpm libwebsockets-devel-4.3.0-7.oe2203sp4.x86_64.rpm libwebsockets-4.3.3-4.oe2403.x86_64.rpm libwebsockets-debuginfo-4.3.3-4.oe2403.x86_64.rpm libwebsockets-debugsource-4.3.3-4.oe2403.x86_64.rpm libwebsockets-devel-4.3.3-4.oe2403.x86_64.rpm libwebsockets-4.3.3-4.oe2403sp1.x86_64.rpm libwebsockets-debuginfo-4.3.3-4.oe2403sp1.x86_64.rpm libwebsockets-debugsource-4.3.3-4.oe2403sp1.x86_64.rpm libwebsockets-devel-4.3.3-4.oe2403sp1.x86_64.rpm libwebsockets-4.3.3-4.oe2403sp2.x86_64.rpm libwebsockets-debuginfo-4.3.3-4.oe2403sp2.x86_64.rpm libwebsockets-debugsource-4.3.3-4.oe2403sp2.x86_64.rpm libwebsockets-devel-4.3.3-4.oe2403sp2.x86_64.rpm libwebsockets-4.3.0-7.oe2003sp4.x86_64.rpm libwebsockets-debuginfo-4.3.0-7.oe2003sp4.x86_64.rpm libwebsockets-debugsource-4.3.0-7.oe2003sp4.x86_64.rpm libwebsockets-devel-4.3.0-7.oe2003sp4.x86_64.rpm libwebsockets-4.3.0-7.oe2203sp3.x86_64.rpm libwebsockets-debuginfo-4.3.0-7.oe2203sp3.x86_64.rpm libwebsockets-debugsource-4.3.0-7.oe2203sp3.x86_64.rpm libwebsockets-devel-4.3.0-7.oe2203sp3.x86_64.rpm libwebsockets-help-4.3.0-7.oe2203sp4.noarch.rpm libwebsockets-help-4.3.3-4.oe2403.noarch.rpm libwebsockets-help-4.3.3-4.oe2403sp1.noarch.rpm libwebsockets-help-4.3.3-4.oe2403sp2.noarch.rpm libwebsockets-help-4.3.0-7.oe2003sp4.noarch.rpm libwebsockets-help-4.3.0-7.oe2203sp3.noarch.rpm Use After Free vulnerability exists in the WebSocket server implementation in lws_handshake_server in warmcat libwebsockets. In specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, an attacker may achieve denial of service. 2025-10-31 CVE-2025-11677 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 Low 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L libwebsockets security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2611 Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer than the maximum. 2025-10-31 CVE-2025-11678 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 High 7.6 AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L libwebsockets security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2611