Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cesanta mongoose vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2017-2909
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this ...
Cesanta Mongoose 6.8
7.5
CVSSv2
CVE-2021-27425
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Cesanta Mongoose Os 2.17.0
7.5
CVSSv2
CVE-2020-25756
A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice.
Cesanta Mongoose 6.18
7.5
CVSSv2
CVE-2019-19307
An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an malicious user to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet.
Cesanta Mongoose 6.16
1 Github repository
7.5
CVSSv2
CVE-2019-12951
An issue exists in Mongoose prior to 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.
Cesanta Mongoose
7.5
CVSSv2
CVE-2018-20354
An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote co...
Cesanta Mongoose
7.5
CVSSv2
CVE-2018-20353
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote...
Cesanta Mongoose
7.5
CVSSv2
CVE-2018-20355
An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote code execution.
Cesanta Mongoose
7.5
CVSSv2
CVE-2018-20356
An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote code execution.
Cesanta Mongoose
7.5
CVSSv2
CVE-2017-2891
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send th...
Cesanta Mongoose 6.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »