Filtered by vendor Cesanta
Subscriptions
Filtered by product Mongoose
Subscriptions
Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-25756 | 1 Cesanta | 1 Mongoose | 2024-08-04 | 9.8 Critical |
A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice. | ||||
CVE-2020-25887 | 1 Cesanta | 1 Mongoose | 2024-08-04 | 8.8 High |
Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. | ||||
CVE-2021-26528 | 1 Cesanta | 1 Mongoose | 2024-08-03 | 9.1 Critical |
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||||
CVE-2021-26530 | 1 Cesanta | 1 Mongoose | 2024-08-03 | 9.1 Critical |
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||||
CVE-2021-26529 | 1 Cesanta | 1 Mongoose | 2024-08-03 | 9.1 Critical |
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | ||||
CVE-2023-34188 | 1 Cesanta | 1 Mongoose | 2024-08-02 | 7.5 High |
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests. | ||||
CVE-2023-2905 | 1 Cesanta | 1 Mongoose | 2024-08-02 | 8.8 High |
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11. |