Lucene search

Cesanta Security Vulnerabilities

cve

CVE-2023-2905

Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not a...

8.8CVSS

8.7AI Score

0.0004EPSS

2023-08-09 05:15 AM

cve

CVE-2023-29569

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).

5.5CVSS

5.5AI Score

0.001EPSS

2023-04-14 12:15 PM

cve

CVE-2023-29570

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).

5.5CVSS

5.5AI Score

0.001EPSS

2023-04-24 02:15 PM

cve

CVE-2023-29571

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).

5.5CVSS

5.4AI Score

0.001EPSS

2023-04-12 03:15 PM

cve

CVE-2023-30087

Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.

5.5CVSS

5.3AI Score

0.001EPSS

2023-05-09 04:15 PM

cve

CVE-2023-30088

An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.

5.5CVSS

5.3AI Score

0.001EPSS

2023-05-09 04:15 PM

cve

CVE-2023-34188

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.

7.5CVSS

7.4AI Score

0.001EPSS

2023-06-23 08:15 PM

cve

CVE-2023-43338

Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.

9.8CVSS

9.7AI Score

0.006EPSS

2023-09-23 12:15 AM

cve

CVE-2023-49549

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file.

7.5CVSS

7.3AI Score

0.001EPSS

2024-01-02 11:15 PM

cve

CVE-2023-49550

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.

7.5CVSS

7.3AI Score

0.001EPSS

2024-01-02 11:15 PM

cve

CVE-2023-49551

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.

7.5CVSS

7.3AI Score

0.001EPSS

2024-01-02 11:15 PM

cve

CVE-2023-49552

An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file.

7.5CVSS

7.3AI Score

0.001EPSS

2024-01-02 11:15 PM

cve

CVE-2023-49553

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file.

7.5CVSS

7.3AI Score

0.001EPSS

2024-01-02 11:15 PM

cve

CVE-2023-50044

Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string.

9.8CVSS

9.2AI Score

0.001EPSS

2023-12-20 09:15 AM

Total number of security vulnerabilities114