CVE-2017-7185

🗓️ 10 Apr 2017 15:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 55 Views🌐 WEB

Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string

Reporter	Title	Published	Views	Family All 10
0day.today	Cesanta Mongoose OS - Use-After-Free Vulnerability	6 Apr 201700:00	–	zdt
Circl	CVE-2017-7185	8 Apr 201712:40	–	circl
CNVD	Cesanta Mongoose Embedded Web Server Library and Mongoose OS Memory Misreference Vulnerability	12 Apr 201700:00	–	cnvd
Cvelist	CVE-2017-7185	10 Apr 201715:00	–	cvelist
Exploit DB	Cesanta Mongoose OS - Use-After-Free	6 Apr 201700:00	–	exploitdb
exploitpack	Cesanta Mongoose OS - Use-After-Free	6 Apr 201700:00	–	exploitpack
NVD	CVE-2017-7185	10 Apr 201715:59	–	nvd
OSV	CVE-2017-7185	10 Apr 201715:59	–	osv
Packet Storm	Mongoose OS 1.2 Use-After-Free / Denial Of Service	3 Apr 201700:00	–	packetstorm
Prion	Design/Logic Flaw	10 Apr 201715:59	–	prion

NVD

Node

cesanta mongoose_embedded_web_server_libraryRange≤6.7

cesanta mongoose_osRange≤1.2

Source	Link
github	www.github.com/cesanta/mongoose/commit/b8402ed0733e3f244588b61ad5fedd093e3cf9cc
github	www.github.com/cesanta/mongoose-os/commit/042eb437973a202d00589b13d628181c6de5cf5b
securityfocus	www.securityfocus.com/bid/97370
compass-security	www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2017-7185_mongoose_os_use_after_free.txt
securityfocus	www.securityfocus.com/archive/1/540355/100/0/threaded
exploit-db	www.exploit-db.com/exploits/41826/

Parameter	Position	Path	Description	CWE
boundary	request body	/	Use-after-free in multipart boundary handling leading to a crash via malformed multipart/form-data without a boundary	CWE-416

13 May 2026 00:24Current

7.2High risk

Vulners AI Score7.2

CVSS 25

CVSS 37.5

EPSS0.3325

CWE-416