Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cesanta mongoose vulnerabilities and exploits
(subscribe to this query)
694
VMScore
CVE-2017-2909
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this ...
Cesanta Mongoose 6.8
685
VMScore
CVE-2017-11567
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server prior to 6.9 allows remote malicious users to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary ...
Cesanta Mongoose Embedded Web Server Library
1 EDB exploit
668
VMScore
CVE-2021-27425
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Cesanta Mongoose Os 2.17.0
668
VMScore
CVE-2020-25756
A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice.
Cesanta Mongoose 6.18
668
VMScore
CVE-2019-19307
An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an malicious user to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet.
Cesanta Mongoose 6.16
1 Github repository
668
VMScore
CVE-2019-12951
An issue exists in Mongoose prior to 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.
Cesanta Mongoose
668
VMScore
CVE-2018-20354
An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote co...
Cesanta Mongoose
668
VMScore
CVE-2018-20353
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote...
Cesanta Mongoose
668
VMScore
CVE-2018-20355
An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote code execution.
Cesanta Mongoose
668
VMScore
CVE-2018-20356
An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote code execution.
Cesanta Mongoose
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »