[USN-8024-1] Libwebsockets vulnerabilities
Posted on 12 February 2026
Ubuntu Security
==========================================================================
Ubuntu Security Notice USN-8024-1
February 11, 2026
libwebsockets vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Libwebsockets.
Software Description:
- libwebsockets: C library for building WebSocket-based network applications
Details:
Raffaele Bova discovered that Libwebsockets incorrectly handled memory
when the upgrade header is not valid in the WebSocket server. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2025-11677)

Raffaele Bova discovered that Libwebsockets did not properly check the
size of the destination buffer in the async-dns component. An attacker
could possibly use this issue to cause applications to crash, leading to a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-11678)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
  libwebsockets19t64              4.3.3-1.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libwebsockets16                 4.0.20-2ubuntu1.1

Ubuntu 20.04 LTS
  libwebsockets15                 3.2.1-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8024-1
CVE-2025-11677, CVE-2025-11678
Package Information:
https://launchpad.net/ubuntu/+source/libwebsockets/4.0.20-2ubuntu1.1
