Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 24.04 LTS Libwebsockets High Denial of Service Risks USN-8024-1

ubuntu
Calendar Grey February 12, 2026
Dist Ubuntu Esm H88
Libwebsockets fixes several issues in Ubuntu affecting denial of service and potential code execution vulnerabilities.
Several security issues were fixed in Libwebsockets.

Summary

Several security issues were fixed in Libwebsockets.

Software Description:

- libwebsockets: C library for building WebSocket-based network applications

Details:

Raffaele Bova discovered that Libwebsockets incorrectly handled memory

when the upgrade header is not valid in the WebSocket server. An

attacker could possibly use this issue to cause a denial of service.

(CVE-2025-11677)

Raffaele Bova discovered that Libwebsockets did not properly check the

size of the destination buffer in the async-dns component. An attacker

could possibly use this issue to cause applications to crash, leading to a

denial of service, or possibly execute arbitrary code. This issue only

affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-11678)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libwebsockets19t64              4.3.3-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libwebsockets16                 4.0.20-2ubuntu1.1

Ubuntu 20.04 LTS
  libwebsockets15                 3.2.1-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8024-1

CVE-2025-11677, CVE-2025-11678

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8024-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here