5 matches found
EUVD-2026-25661
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
Cesanta Mongoose out-of-bounds write vulnerability (CNVD-2021-12086)
Mongoose is a C/C++ network library. An out-of-bounds write vulnerability exists in the mgtlsinit function in Cesanta Mongoose 7.0, 6.7-6.18. An attacker can exploit this vulnerability via a connection request to cause an out-of-bounds write after the memory pool is exhausted...
CVE-2018-20353
An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mghttpgetprotodata function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...
Design/Logic Flaw
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mgmqttaddsession function...
Cesanta Mongoose HTTP Server CGI Remote Code Execcution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP...