Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cesanta mongoose vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-26529
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
Cesanta Mongoose
Cesanta Mongoose 7.0
7.5
CVSSv3
CVE-2017-7185
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and previous versions and Mongoose OS 1.2 and previous versions allows remote malicious users to cause a denial of service (crash) vi...
Cesanta Mongoose Os
Cesanta Mongoose Embedded Web Server Library
1 EDB exploit
9.8
CVSSv3
CVE-2019-12951
An issue exists in Mongoose prior to 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.
Cesanta Mongoose
7.5
CVSSv3
CVE-2022-25299
This affects the package cesanta/mongoose prior to 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable malicious users to write files to arbitrary locations outside the designated target folder.
Cesanta Mongoose
9.8
CVSSv3
CVE-2018-20353
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote...
Cesanta Mongoose
9.8
CVSSv3
CVE-2018-20354
An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote co...
Cesanta Mongoose
9.8
CVSSv3
CVE-2018-20356
An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote code execution.
Cesanta Mongoose
7.5
CVSSv3
CVE-2023-34188
The HTTP server in Mongoose prior to 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other req...
Cesanta Mongoose
1 Github repository
9.8
CVSSv3
CVE-2018-20355
An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote code execution.
Cesanta Mongoose
7.5
CVSSv3
CVE-2019-13503
mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read.
Cesanta Mongoose 6.15
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »