Lucene search
+L

5 matches found

EUVD
EUVD
added 2026/04/25 4:15 p.m.7 views

EUVD-2026-25661

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

6.9CVSS5.5AI score0.00565EPSS
Exploits1References5
CNVD
CNVD
added 2021/02/09 12:0 a.m.9 views

Cesanta Mongoose out-of-bounds write vulnerability (CNVD-2021-12086)

Mongoose is a C/C++ network library. An out-of-bounds write vulnerability exists in the mgtlsinit function in Cesanta Mongoose 7.0, 6.7-6.18. An attacker can exploit this vulnerability via a connection request to cause an out-of-bounds write after the memory pool is exhausted...

9.1CVSS6.8AI score0.01462EPSS
Exploits1References1
NVD
NVD
added 2019/06/10 5:29 p.m.14 views

CVE-2018-20353

An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mghttpgetprotodata function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service application crash or remote code execution...

9.8CVSS9.6AI score0.03574EPSS
Exploits1References1
Prion
Prion
added 2018/11/27 7:29 a.m.18 views

Design/Logic Flaw

In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mgmqttaddsession function...

4.3CVSS6.5AI score0.00944EPSS
Exploits1References1Affected Software1
Talos
Talos
added 2017/10/31 12:0 a.m.147 views

Cesanta Mongoose HTTP Server CGI Remote Code Execcution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP...

9.8CVSS9.9AI score0.0276EPSS
Exploits2
Rows per page
Query Builder